Deleting unwanted scripts and checking in relevant ones.
[pingpong.git] / json / dns.json
1 [
2   {
3     "_index": "packets-2017-10-26",
4     "_type": "pcap_file",
5     "_score": null,
6     "_source": {
7       "layers": {
8         "frame": {
9           "frame.encap_type": "1",
10           "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT",
11           "frame.offset_shift": "0.000000000",
12           "frame.time_epoch": "1508458071.560156000",
13           "frame.time_delta": "1.053360000",
14           "frame.time_delta_displayed": "0.000000000",
15           "frame.time_relative": "359.154952000",
16           "frame.number": "380",
17           "frame.len": "76",
18           "frame.cap_len": "76",
19           "frame.marked": "0",
20           "frame.ignored": "0",
21           "frame.protocols": "eth:ethertype:ip:udp:dns",
22           "frame.coloring_rule.name": "UDP",
23           "frame.coloring_rule.string": "udp"
24         },
25         "eth": {
26           "eth.dst": "b0:b9:8a:73:69:8e",
27           "eth.dst_tree": {
28             "eth.dst_resolved": "Netgear_73:69:8e",
29             "eth.addr": "b0:b9:8a:73:69:8e",
30             "eth.addr_resolved": "Netgear_73:69:8e",
31             "eth.lg": "0",
32             "eth.ig": "0"
33           },
34           "eth.src": "00:17:88:69:ee:e4",
35           "eth.src_tree": {
36             "eth.src_resolved": "PhilipsL_69:ee:e4",
37             "eth.addr": "00:17:88:69:ee:e4",
38             "eth.addr_resolved": "PhilipsL_69:ee:e4",
39             "eth.lg": "0",
40             "eth.ig": "0"
41           },
42           "eth.type": "0x00000800"
43         },
44         "ip": {
45           "ip.version": "4",
46           "ip.hdr_len": "20",
47           "ip.dsfield": "0x00000000",
48           "ip.dsfield_tree": {
49             "ip.dsfield.dscp": "0",
50             "ip.dsfield.ecn": "0"
51           },
52           "ip.len": "62",
53           "ip.id": "0x0000c5d4",
54           "ip.flags": "0x00000002",
55           "ip.flags_tree": {
56             "ip.flags.rb": "0",
57             "ip.flags.df": "1",
58             "ip.flags.mf": "0"
59           },
60           "ip.frag_offset": "0",
61           "ip.ttl": "64",
62           "ip.proto": "17",
63           "ip.checksum": "0x0000f2e8",
64           "ip.checksum.status": "2",
65           "ip.src": "192.168.0.160",
66           "ip.addr": "192.168.0.160",
67           "ip.src_host": "192.168.0.160",
68           "ip.host": "192.168.0.160",
69           "ip.dst": "192.168.0.1",
70           "ip.addr": "192.168.0.1",
71           "ip.dst_host": "192.168.0.1",
72           "ip.host": "192.168.0.1",
73           "Source GeoIP: Unknown": "",
74           "Destination GeoIP: Unknown": ""
75         },
76         "udp": {
77           "udp.srcport": "35041",
78           "udp.dstport": "53",
79           "udp.port": "35041",
80           "udp.port": "53",
81           "udp.length": "42",
82           "udp.checksum": "0x0000d04f",
83           "udp.checksum.status": "2",
84           "udp.stream": "19"
85         },
86         "dns": {
87           "dns.response_in": "381",
88           "dns.id": "0x00000487",
89           "dns.flags": "0x00000100",
90           "dns.flags_tree": {
91             "dns.flags.response": "0",
92             "dns.flags.opcode": "0",
93             "dns.flags.truncated": "0",
94             "dns.flags.recdesired": "1",
95             "dns.flags.z": "0",
96             "dns.flags.checkdisable": "0"
97           },
98           "dns.count.queries": "1",
99           "dns.count.answers": "0",
100           "dns.count.auth_rr": "0",
101           "dns.count.add_rr": "0",
102           "Queries": {
103             "www2.meethue.com: type A, class IN": {
104               "dns.qry.name": "www2.meethue.com",
105               "dns.qry.name.len": "16",
106               "dns.count.labels": "3",
107               "dns.qry.type": "1",
108               "dns.qry.class": "0x00000001"
109             }
110           }
111         }
112       }
113     }
114   }
115   ,
116   {
117     "_index": "packets-2017-10-26",
118     "_type": "pcap_file",
119     "_score": null,
120     "_source": {
121       "layers": {
122         "frame": {
123           "frame.encap_type": "1",
124           "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT",
125           "frame.offset_shift": "0.000000000",
126           "frame.time_epoch": "1508458071.597999000",
127           "frame.time_delta": "0.037843000",
128           "frame.time_delta_displayed": "0.037843000",
129           "frame.time_relative": "359.192795000",
130           "frame.number": "381",
131           "frame.len": "513",
132           "frame.cap_len": "513",
133           "frame.marked": "0",
134           "frame.ignored": "0",
135           "frame.protocols": "eth:ethertype:ip:udp:dns",
136           "frame.coloring_rule.name": "UDP",
137           "frame.coloring_rule.string": "udp"
138         },
139         "eth": {
140           "eth.dst": "00:17:88:69:ee:e4",
141           "eth.dst_tree": {
142             "eth.dst_resolved": "PhilipsL_69:ee:e4",
143             "eth.addr": "00:17:88:69:ee:e4",
144             "eth.addr_resolved": "PhilipsL_69:ee:e4",
145             "eth.lg": "0",
146             "eth.ig": "0"
147           },
148           "eth.src": "b0:b9:8a:73:69:8e",
149           "eth.src_tree": {
150             "eth.src_resolved": "Netgear_73:69:8e",
151             "eth.addr": "b0:b9:8a:73:69:8e",
152             "eth.addr_resolved": "Netgear_73:69:8e",
153             "eth.lg": "0",
154             "eth.ig": "0"
155           },
156           "eth.type": "0x00000800"
157         },
158         "ip": {
159           "ip.version": "4",
160           "ip.hdr_len": "20",
161           "ip.dsfield": "0x00000000",
162           "ip.dsfield_tree": {
163             "ip.dsfield.dscp": "0",
164             "ip.dsfield.ecn": "0"
165           },
166           "ip.len": "499",
167           "ip.id": "0x00001e6a",
168           "ip.flags": "0x00000002",
169           "ip.flags_tree": {
170             "ip.flags.rb": "0",
171             "ip.flags.df": "1",
172             "ip.flags.mf": "0"
173           },
174           "ip.frag_offset": "0",
175           "ip.ttl": "64",
176           "ip.proto": "17",
177           "ip.checksum": "0x0000989e",
178           "ip.checksum.status": "2",
179           "ip.src": "192.168.0.1",
180           "ip.addr": "192.168.0.1",
181           "ip.src_host": "192.168.0.1",
182           "ip.host": "192.168.0.1",
183           "ip.dst": "192.168.0.160",
184           "ip.addr": "192.168.0.160",
185           "ip.dst_host": "192.168.0.160",
186           "ip.host": "192.168.0.160",
187           "Source GeoIP: Unknown": "",
188           "Destination GeoIP: Unknown": ""
189         },
190         "udp": {
191           "udp.srcport": "53",
192           "udp.dstport": "35041",
193           "udp.port": "53",
194           "udp.port": "35041",
195           "udp.length": "479",
196           "udp.checksum": "0x000083e2",
197           "udp.checksum.status": "2",
198           "udp.stream": "19"
199         },
200         "dns": {
201           "dns.response_to": "380",
202           "dns.time": "0.037843000",
203           "dns.id": "0x00000487",
204           "dns.flags": "0x00008180",
205           "dns.flags_tree": {
206             "dns.flags.response": "1",
207             "dns.flags.opcode": "0",
208             "dns.flags.authoritative": "0",
209             "dns.flags.truncated": "0",
210             "dns.flags.recdesired": "1",
211             "dns.flags.recavail": "1",
212             "dns.flags.z": "0",
213             "dns.flags.authenticated": "0",
214             "dns.flags.checkdisable": "0",
215             "dns.flags.rcode": "0"
216           },
217           "dns.count.queries": "1",
218           "dns.count.answers": "4",
219           "dns.count.auth_rr": "9",
220           "dns.count.add_rr": "9",
221           "Queries": {
222             "www2.meethue.com: type A, class IN": {
223               "dns.qry.name": "www2.meethue.com",
224               "dns.qry.name.len": "16",
225               "dns.count.labels": "3",
226               "dns.qry.type": "1",
227               "dns.qry.class": "0x00000001"
228             }
229           },
230           "Answers": {
231             "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
232               "dns.resp.name": "www2.meethue.com",
233               "dns.resp.type": "5",
234               "dns.resp.class": "0x00000001",
235               "dns.resp.ttl": "115",
236               "dns.resp.len": "41",
237               "dns.cname": "brands.lighting.philips.com.edgekey.net"
238             },
239             "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
240               "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
241               "dns.resp.type": "5",
242               "dns.resp.class": "0x00000001",
243               "dns.resp.ttl": "13313",
244               "dns.resp.len": "22",
245               "dns.cname": "e15361.b.akamaiedge.net"
246             },
247             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
248               "dns.resp.name": "e15361.b.akamaiedge.net",
249               "dns.resp.type": "1",
250               "dns.resp.class": "0x00000001",
251               "dns.resp.ttl": "20",
252               "dns.resp.len": "4",
253               "dns.a": "173.223.52.113"
254             },
255             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
256               "dns.resp.name": "e15361.b.akamaiedge.net",
257               "dns.resp.type": "1",
258               "dns.resp.class": "0x00000001",
259               "dns.resp.ttl": "20",
260               "dns.resp.len": "4",
261               "dns.a": "173.223.52.125"
262             }
263           },
264           "Authoritative nameservers": {
265             "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
266               "dns.resp.name": "b.akamaiedge.net",
267               "dns.resp.type": "2",
268               "dns.resp.class": "0x00000001",
269               "dns.resp.ttl": "485",
270               "dns.resp.len": "6",
271               "dns.ns": "n3b.akamaiedge.net"
272             },
273             "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
274               "dns.resp.name": "b.akamaiedge.net",
275               "dns.resp.type": "2",
276               "dns.resp.class": "0x00000001",
277               "dns.resp.ttl": "485",
278               "dns.resp.len": "6",
279               "dns.ns": "n7b.akamaiedge.net"
280             },
281             "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
282               "dns.resp.name": "b.akamaiedge.net",
283               "dns.resp.type": "2",
284               "dns.resp.class": "0x00000001",
285               "dns.resp.ttl": "485",
286               "dns.resp.len": "6",
287               "dns.ns": "n4b.akamaiedge.net"
288             },
289             "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
290               "dns.resp.name": "b.akamaiedge.net",
291               "dns.resp.type": "2",
292               "dns.resp.class": "0x00000001",
293               "dns.resp.ttl": "485",
294               "dns.resp.len": "6",
295               "dns.ns": "n6b.akamaiedge.net"
296             },
297             "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
298               "dns.resp.name": "b.akamaiedge.net",
299               "dns.resp.type": "2",
300               "dns.resp.class": "0x00000001",
301               "dns.resp.ttl": "485",
302               "dns.resp.len": "6",
303               "dns.ns": "n0b.akamaiedge.net"
304             },
305             "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
306               "dns.resp.name": "b.akamaiedge.net",
307               "dns.resp.type": "2",
308               "dns.resp.class": "0x00000001",
309               "dns.resp.ttl": "485",
310               "dns.resp.len": "6",
311               "dns.ns": "a0b.akamaiedge.net"
312             },
313             "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
314               "dns.resp.name": "b.akamaiedge.net",
315               "dns.resp.type": "2",
316               "dns.resp.class": "0x00000001",
317               "dns.resp.ttl": "485",
318               "dns.resp.len": "6",
319               "dns.ns": "n2b.akamaiedge.net"
320             },
321             "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
322               "dns.resp.name": "b.akamaiedge.net",
323               "dns.resp.type": "2",
324               "dns.resp.class": "0x00000001",
325               "dns.resp.ttl": "485",
326               "dns.resp.len": "6",
327               "dns.ns": "n1b.akamaiedge.net"
328             },
329             "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
330               "dns.resp.name": "b.akamaiedge.net",
331               "dns.resp.type": "2",
332               "dns.resp.class": "0x00000001",
333               "dns.resp.ttl": "485",
334               "dns.resp.len": "6",
335               "dns.ns": "n5b.akamaiedge.net"
336             }
337           },
338           "Additional records": {
339             "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
340               "dns.resp.name": "n0b.akamaiedge.net",
341               "dns.resp.type": "1",
342               "dns.resp.class": "0x00000001",
343               "dns.resp.ttl": "3795",
344               "dns.resp.len": "4",
345               "dns.a": "88.221.81.192"
346             },
347             "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
348               "dns.resp.name": "n1b.akamaiedge.net",
349               "dns.resp.type": "1",
350               "dns.resp.class": "0x00000001",
351               "dns.resp.ttl": "2515",
352               "dns.resp.len": "4",
353               "dns.a": "173.197.192.229"
354             },
355             "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
356               "dns.resp.name": "n2b.akamaiedge.net",
357               "dns.resp.type": "1",
358               "dns.resp.class": "0x00000001",
359               "dns.resp.ttl": "3016",
360               "dns.resp.len": "4",
361               "dns.a": "173.197.192.229"
362             },
363             "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
364               "dns.resp.name": "n3b.akamaiedge.net",
365               "dns.resp.type": "1",
366               "dns.resp.class": "0x00000001",
367               "dns.resp.ttl": "3200",
368               "dns.resp.len": "4",
369               "dns.a": "165.254.134.241"
370             },
371             "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
372               "dns.resp.name": "n4b.akamaiedge.net",
373               "dns.resp.type": "1",
374               "dns.resp.class": "0x00000001",
375               "dns.resp.ttl": "2106",
376               "dns.resp.len": "4",
377               "dns.a": "204.1.137.41"
378             },
379             "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
380               "dns.resp.name": "n5b.akamaiedge.net",
381               "dns.resp.type": "1",
382               "dns.resp.class": "0x00000001",
383               "dns.resp.ttl": "3857",
384               "dns.resp.len": "4",
385               "dns.a": "204.1.137.33"
386             },
387             "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
388               "dns.resp.name": "n6b.akamaiedge.net",
389               "dns.resp.type": "1",
390               "dns.resp.class": "0x00000001",
391               "dns.resp.ttl": "3654",
392               "dns.resp.len": "4",
393               "dns.a": "165.254.16.95"
394             },
395             "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
396               "dns.resp.name": "n7b.akamaiedge.net",
397               "dns.resp.type": "1",
398               "dns.resp.class": "0x00000001",
399               "dns.resp.ttl": "3718",
400               "dns.resp.len": "4",
401               "dns.a": "165.254.134.239"
402             },
403             "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
404               "dns.resp.name": "a0b.akamaiedge.net",
405               "dns.resp.type": "28",
406               "dns.resp.class": "0x00000001",
407               "dns.resp.ttl": "2491",
408               "dns.resp.len": "16",
409               "dns.aaaa": "2600:1480:e800::c0"
410             }
411           }
412         }
413       }
414     }
415   }
416   ,
417   {
418     "_index": "packets-2017-10-26",
419     "_type": "pcap_file",
420     "_score": null,
421     "_source": {
422       "layers": {
423         "frame": {
424           "frame.encap_type": "1",
425           "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT",
426           "frame.offset_shift": "0.000000000",
427           "frame.time_epoch": "1508458971.607393000",
428           "frame.time_delta": "4.029605000",
429           "frame.time_delta_displayed": "900.009394000",
430           "frame.time_relative": "1259.202189000",
431           "frame.number": "1239",
432           "frame.len": "76",
433           "frame.cap_len": "76",
434           "frame.marked": "0",
435           "frame.ignored": "0",
436           "frame.protocols": "eth:ethertype:ip:udp:dns",
437           "frame.coloring_rule.name": "UDP",
438           "frame.coloring_rule.string": "udp"
439         },
440         "eth": {
441           "eth.dst": "b0:b9:8a:73:69:8e",
442           "eth.dst_tree": {
443             "eth.dst_resolved": "Netgear_73:69:8e",
444             "eth.addr": "b0:b9:8a:73:69:8e",
445             "eth.addr_resolved": "Netgear_73:69:8e",
446             "eth.lg": "0",
447             "eth.ig": "0"
448           },
449           "eth.src": "00:17:88:69:ee:e4",
450           "eth.src_tree": {
451             "eth.src_resolved": "PhilipsL_69:ee:e4",
452             "eth.addr": "00:17:88:69:ee:e4",
453             "eth.addr_resolved": "PhilipsL_69:ee:e4",
454             "eth.lg": "0",
455             "eth.ig": "0"
456           },
457           "eth.type": "0x00000800"
458         },
459         "ip": {
460           "ip.version": "4",
461           "ip.hdr_len": "20",
462           "ip.dsfield": "0x00000000",
463           "ip.dsfield_tree": {
464             "ip.dsfield.dscp": "0",
465             "ip.dsfield.ecn": "0"
466           },
467           "ip.len": "62",
468           "ip.id": "0x00000103",
469           "ip.flags": "0x00000002",
470           "ip.flags_tree": {
471             "ip.flags.rb": "0",
472             "ip.flags.df": "1",
473             "ip.flags.mf": "0"
474           },
475           "ip.frag_offset": "0",
476           "ip.ttl": "64",
477           "ip.proto": "17",
478           "ip.checksum": "0x0000b7ba",
479           "ip.checksum.status": "2",
480           "ip.src": "192.168.0.160",
481           "ip.addr": "192.168.0.160",
482           "ip.src_host": "192.168.0.160",
483           "ip.host": "192.168.0.160",
484           "ip.dst": "192.168.0.1",
485           "ip.addr": "192.168.0.1",
486           "ip.dst_host": "192.168.0.1",
487           "ip.host": "192.168.0.1",
488           "Source GeoIP: Unknown": "",
489           "Destination GeoIP: Unknown": ""
490         },
491         "udp": {
492           "udp.srcport": "57902",
493           "udp.dstport": "53",
494           "udp.port": "57902",
495           "udp.port": "53",
496           "udp.length": "42",
497           "udp.checksum": "0x00007701",
498           "udp.checksum.status": "2",
499           "udp.stream": "36"
500         },
501         "dns": {
502           "dns.response_in": "1240",
503           "dns.id": "0x00000488",
504           "dns.flags": "0x00000100",
505           "dns.flags_tree": {
506             "dns.flags.response": "0",
507             "dns.flags.opcode": "0",
508             "dns.flags.truncated": "0",
509             "dns.flags.recdesired": "1",
510             "dns.flags.z": "0",
511             "dns.flags.checkdisable": "0"
512           },
513           "dns.count.queries": "1",
514           "dns.count.answers": "0",
515           "dns.count.auth_rr": "0",
516           "dns.count.add_rr": "0",
517           "Queries": {
518             "www2.meethue.com: type A, class IN": {
519               "dns.qry.name": "www2.meethue.com",
520               "dns.qry.name.len": "16",
521               "dns.count.labels": "3",
522               "dns.qry.type": "1",
523               "dns.qry.class": "0x00000001"
524             }
525           }
526         }
527       }
528     }
529   }
530   ,
531   {
532     "_index": "packets-2017-10-26",
533     "_type": "pcap_file",
534     "_score": null,
535     "_source": {
536       "layers": {
537         "frame": {
538           "frame.encap_type": "1",
539           "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT",
540           "frame.offset_shift": "0.000000000",
541           "frame.time_epoch": "1508458971.678853000",
542           "frame.time_delta": "0.071460000",
543           "frame.time_delta_displayed": "0.071460000",
544           "frame.time_relative": "1259.273649000",
545           "frame.number": "1240",
546           "frame.len": "467",
547           "frame.cap_len": "467",
548           "frame.marked": "0",
549           "frame.ignored": "0",
550           "frame.protocols": "eth:ethertype:ip:udp:dns",
551           "frame.coloring_rule.name": "UDP",
552           "frame.coloring_rule.string": "udp"
553         },
554         "eth": {
555           "eth.dst": "00:17:88:69:ee:e4",
556           "eth.dst_tree": {
557             "eth.dst_resolved": "PhilipsL_69:ee:e4",
558             "eth.addr": "00:17:88:69:ee:e4",
559             "eth.addr_resolved": "PhilipsL_69:ee:e4",
560             "eth.lg": "0",
561             "eth.ig": "0"
562           },
563           "eth.src": "b0:b9:8a:73:69:8e",
564           "eth.src_tree": {
565             "eth.src_resolved": "Netgear_73:69:8e",
566             "eth.addr": "b0:b9:8a:73:69:8e",
567             "eth.addr_resolved": "Netgear_73:69:8e",
568             "eth.lg": "0",
569             "eth.ig": "0"
570           },
571           "eth.type": "0x00000800"
572         },
573         "ip": {
574           "ip.version": "4",
575           "ip.hdr_len": "20",
576           "ip.dsfield": "0x00000000",
577           "ip.dsfield_tree": {
578             "ip.dsfield.dscp": "0",
579             "ip.dsfield.ecn": "0"
580           },
581           "ip.len": "453",
582           "ip.id": "0x00004f7c",
583           "ip.flags": "0x00000002",
584           "ip.flags_tree": {
585             "ip.flags.rb": "0",
586             "ip.flags.df": "1",
587             "ip.flags.mf": "0"
588           },
589           "ip.frag_offset": "0",
590           "ip.ttl": "64",
591           "ip.proto": "17",
592           "ip.checksum": "0x000067ba",
593           "ip.checksum.status": "2",
594           "ip.src": "192.168.0.1",
595           "ip.addr": "192.168.0.1",
596           "ip.src_host": "192.168.0.1",
597           "ip.host": "192.168.0.1",
598           "ip.dst": "192.168.0.160",
599           "ip.addr": "192.168.0.160",
600           "ip.dst_host": "192.168.0.160",
601           "ip.host": "192.168.0.160",
602           "Source GeoIP: Unknown": "",
603           "Destination GeoIP: Unknown": ""
604         },
605         "udp": {
606           "udp.srcport": "53",
607           "udp.dstport": "57902",
608           "udp.port": "53",
609           "udp.port": "57902",
610           "udp.length": "433",
611           "udp.checksum": "0x000083b4",
612           "udp.checksum.status": "2",
613           "udp.stream": "36"
614         },
615         "dns": {
616           "dns.response_to": "1239",
617           "dns.time": "0.071460000",
618           "dns.id": "0x00000488",
619           "dns.flags": "0x00008180",
620           "dns.flags_tree": {
621             "dns.flags.response": "1",
622             "dns.flags.opcode": "0",
623             "dns.flags.authoritative": "0",
624             "dns.flags.truncated": "0",
625             "dns.flags.recdesired": "1",
626             "dns.flags.recavail": "1",
627             "dns.flags.z": "0",
628             "dns.flags.authenticated": "0",
629             "dns.flags.checkdisable": "0",
630             "dns.flags.rcode": "0"
631           },
632           "dns.count.queries": "1",
633           "dns.count.answers": "4",
634           "dns.count.auth_rr": "8",
635           "dns.count.add_rr": "8",
636           "Queries": {
637             "www2.meethue.com: type A, class IN": {
638               "dns.qry.name": "www2.meethue.com",
639               "dns.qry.name.len": "16",
640               "dns.count.labels": "3",
641               "dns.qry.type": "1",
642               "dns.qry.class": "0x00000001"
643             }
644           },
645           "Answers": {
646             "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
647               "dns.resp.name": "www2.meethue.com",
648               "dns.resp.type": "5",
649               "dns.resp.class": "0x00000001",
650               "dns.resp.ttl": "115",
651               "dns.resp.len": "41",
652               "dns.cname": "brands.lighting.philips.com.edgekey.net"
653             },
654             "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
655               "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
656               "dns.resp.type": "5",
657               "dns.resp.class": "0x00000001",
658               "dns.resp.ttl": "12413",
659               "dns.resp.len": "22",
660               "dns.cname": "e15361.b.akamaiedge.net"
661             },
662             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
663               "dns.resp.name": "e15361.b.akamaiedge.net",
664               "dns.resp.type": "1",
665               "dns.resp.class": "0x00000001",
666               "dns.resp.ttl": "20",
667               "dns.resp.len": "4",
668               "dns.a": "173.223.52.113"
669             },
670             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
671               "dns.resp.name": "e15361.b.akamaiedge.net",
672               "dns.resp.type": "1",
673               "dns.resp.class": "0x00000001",
674               "dns.resp.ttl": "20",
675               "dns.resp.len": "4",
676               "dns.a": "173.223.52.125"
677             }
678           },
679           "Authoritative nameservers": {
680             "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
681               "dns.resp.name": "b.akamaiedge.net",
682               "dns.resp.type": "2",
683               "dns.resp.class": "0x00000001",
684               "dns.resp.ttl": "587",
685               "dns.resp.len": "6",
686               "dns.ns": "n0b.akamaiedge.net"
687             },
688             "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
689               "dns.resp.name": "b.akamaiedge.net",
690               "dns.resp.type": "2",
691               "dns.resp.class": "0x00000001",
692               "dns.resp.ttl": "587",
693               "dns.resp.len": "6",
694               "dns.ns": "n1b.akamaiedge.net"
695             },
696             "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
697               "dns.resp.name": "b.akamaiedge.net",
698               "dns.resp.type": "2",
699               "dns.resp.class": "0x00000001",
700               "dns.resp.ttl": "587",
701               "dns.resp.len": "6",
702               "dns.ns": "n3b.akamaiedge.net"
703             },
704             "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
705               "dns.resp.name": "b.akamaiedge.net",
706               "dns.resp.type": "2",
707               "dns.resp.class": "0x00000001",
708               "dns.resp.ttl": "587",
709               "dns.resp.len": "6",
710               "dns.ns": "n6b.akamaiedge.net"
711             },
712             "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
713               "dns.resp.name": "b.akamaiedge.net",
714               "dns.resp.type": "2",
715               "dns.resp.class": "0x00000001",
716               "dns.resp.ttl": "587",
717               "dns.resp.len": "6",
718               "dns.ns": "n7b.akamaiedge.net"
719             },
720             "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
721               "dns.resp.name": "b.akamaiedge.net",
722               "dns.resp.type": "2",
723               "dns.resp.class": "0x00000001",
724               "dns.resp.ttl": "587",
725               "dns.resp.len": "6",
726               "dns.ns": "n5b.akamaiedge.net"
727             },
728             "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
729               "dns.resp.name": "b.akamaiedge.net",
730               "dns.resp.type": "2",
731               "dns.resp.class": "0x00000001",
732               "dns.resp.ttl": "587",
733               "dns.resp.len": "6",
734               "dns.ns": "n2b.akamaiedge.net"
735             },
736             "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
737               "dns.resp.name": "b.akamaiedge.net",
738               "dns.resp.type": "2",
739               "dns.resp.class": "0x00000001",
740               "dns.resp.ttl": "587",
741               "dns.resp.len": "6",
742               "dns.ns": "n4b.akamaiedge.net"
743             }
744           },
745           "Additional records": {
746             "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
747               "dns.resp.name": "n0b.akamaiedge.net",
748               "dns.resp.type": "1",
749               "dns.resp.class": "0x00000001",
750               "dns.resp.ttl": "2895",
751               "dns.resp.len": "4",
752               "dns.a": "88.221.81.192"
753             },
754             "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
755               "dns.resp.name": "n1b.akamaiedge.net",
756               "dns.resp.type": "1",
757               "dns.resp.class": "0x00000001",
758               "dns.resp.ttl": "1615",
759               "dns.resp.len": "4",
760               "dns.a": "173.197.192.229"
761             },
762             "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
763               "dns.resp.name": "n2b.akamaiedge.net",
764               "dns.resp.type": "1",
765               "dns.resp.class": "0x00000001",
766               "dns.resp.ttl": "2116",
767               "dns.resp.len": "4",
768               "dns.a": "173.197.192.229"
769             },
770             "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
771               "dns.resp.name": "n3b.akamaiedge.net",
772               "dns.resp.type": "1",
773               "dns.resp.class": "0x00000001",
774               "dns.resp.ttl": "2300",
775               "dns.resp.len": "4",
776               "dns.a": "165.254.134.241"
777             },
778             "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
779               "dns.resp.name": "n4b.akamaiedge.net",
780               "dns.resp.type": "1",
781               "dns.resp.class": "0x00000001",
782               "dns.resp.ttl": "1206",
783               "dns.resp.len": "4",
784               "dns.a": "204.1.137.41"
785             },
786             "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
787               "dns.resp.name": "n5b.akamaiedge.net",
788               "dns.resp.type": "1",
789               "dns.resp.class": "0x00000001",
790               "dns.resp.ttl": "2957",
791               "dns.resp.len": "4",
792               "dns.a": "204.1.137.33"
793             },
794             "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
795               "dns.resp.name": "n6b.akamaiedge.net",
796               "dns.resp.type": "1",
797               "dns.resp.class": "0x00000001",
798               "dns.resp.ttl": "2754",
799               "dns.resp.len": "4",
800               "dns.a": "165.254.16.95"
801             },
802             "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
803               "dns.resp.name": "n7b.akamaiedge.net",
804               "dns.resp.type": "1",
805               "dns.resp.class": "0x00000001",
806               "dns.resp.ttl": "2818",
807               "dns.resp.len": "4",
808               "dns.a": "165.254.134.239"
809             }
810           }
811         }
812       }
813     }
814   }
815   ,
816   {
817     "_index": "packets-2017-10-26",
818     "_type": "pcap_file",
819     "_score": null,
820     "_source": {
821       "layers": {
822         "frame": {
823           "frame.encap_type": "1",
824           "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT",
825           "frame.offset_shift": "0.000000000",
826           "frame.time_epoch": "1508459603.045476000",
827           "frame.time_delta": "1.106645000",
828           "frame.time_delta_displayed": "631.366623000",
829           "frame.time_relative": "1890.640272000",
830           "frame.number": "1873",
831           "frame.len": "79",
832           "frame.cap_len": "79",
833           "frame.marked": "0",
834           "frame.ignored": "0",
835           "frame.protocols": "eth:ethertype:ip:udp:dns",
836           "frame.coloring_rule.name": "UDP",
837           "frame.coloring_rule.string": "udp"
838         },
839         "eth": {
840           "eth.dst": "b0:b9:8a:73:69:8e",
841           "eth.dst_tree": {
842             "eth.dst_resolved": "Netgear_73:69:8e",
843             "eth.addr": "b0:b9:8a:73:69:8e",
844             "eth.addr_resolved": "Netgear_73:69:8e",
845             "eth.lg": "0",
846             "eth.ig": "0"
847           },
848           "eth.src": "00:17:88:69:ee:e4",
849           "eth.src_tree": {
850             "eth.src_resolved": "PhilipsL_69:ee:e4",
851             "eth.addr": "00:17:88:69:ee:e4",
852             "eth.addr_resolved": "PhilipsL_69:ee:e4",
853             "eth.lg": "0",
854             "eth.ig": "0"
855           },
856           "eth.type": "0x00000800"
857         },
858         "ip": {
859           "ip.version": "4",
860           "ip.hdr_len": "20",
861           "ip.dsfield": "0x00000000",
862           "ip.dsfield_tree": {
863             "ip.dsfield.dscp": "0",
864             "ip.dsfield.ecn": "0"
865           },
866           "ip.len": "65",
867           "ip.id": "0x00001f1b",
868           "ip.flags": "0x00000002",
869           "ip.flags_tree": {
870             "ip.flags.rb": "0",
871             "ip.flags.df": "1",
872             "ip.flags.mf": "0"
873           },
874           "ip.frag_offset": "0",
875           "ip.ttl": "64",
876           "ip.proto": "17",
877           "ip.checksum": "0x0000999f",
878           "ip.checksum.status": "2",
879           "ip.src": "192.168.0.160",
880           "ip.addr": "192.168.0.160",
881           "ip.src_host": "192.168.0.160",
882           "ip.host": "192.168.0.160",
883           "ip.dst": "192.168.0.1",
884           "ip.addr": "192.168.0.1",
885           "ip.dst_host": "192.168.0.1",
886           "ip.host": "192.168.0.1",
887           "Source GeoIP: Unknown": "",
888           "Destination GeoIP: Unknown": ""
889         },
890         "udp": {
891           "udp.srcport": "44067",
892           "udp.dstport": "53",
893           "udp.port": "44067",
894           "udp.port": "53",
895           "udp.length": "45",
896           "udp.checksum": "0x00001491",
897           "udp.checksum.status": "2",
898           "udp.stream": "51"
899         },
900         "dns": {
901           "dns.response_in": "1874",
902           "dns.id": "0x00000489",
903           "dns.flags": "0x00000100",
904           "dns.flags_tree": {
905             "dns.flags.response": "0",
906             "dns.flags.opcode": "0",
907             "dns.flags.truncated": "0",
908             "dns.flags.recdesired": "1",
909             "dns.flags.z": "0",
910             "dns.flags.checkdisable": "0"
911           },
912           "dns.count.queries": "1",
913           "dns.count.answers": "0",
914           "dns.count.auth_rr": "0",
915           "dns.count.add_rr": "0",
916           "Queries": {
917             "dcp.cpp.philips.com: type AAAA, class IN": {
918               "dns.qry.name": "dcp.cpp.philips.com",
919               "dns.qry.name.len": "19",
920               "dns.count.labels": "4",
921               "dns.qry.type": "28",
922               "dns.qry.class": "0x00000001"
923             }
924           }
925         }
926       }
927     }
928   }
929   ,
930   {
931     "_index": "packets-2017-10-26",
932     "_type": "pcap_file",
933     "_score": null,
934     "_source": {
935       "layers": {
936         "frame": {
937           "frame.encap_type": "1",
938           "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT",
939           "frame.offset_shift": "0.000000000",
940           "frame.time_epoch": "1508459603.047090000",
941           "frame.time_delta": "0.001614000",
942           "frame.time_delta_displayed": "0.001614000",
943           "frame.time_relative": "1890.641886000",
944           "frame.number": "1874",
945           "frame.len": "137",
946           "frame.cap_len": "137",
947           "frame.marked": "0",
948           "frame.ignored": "0",
949           "frame.protocols": "eth:ethertype:ip:udp:dns",
950           "frame.coloring_rule.name": "UDP",
951           "frame.coloring_rule.string": "udp"
952         },
953         "eth": {
954           "eth.dst": "00:17:88:69:ee:e4",
955           "eth.dst_tree": {
956             "eth.dst_resolved": "PhilipsL_69:ee:e4",
957             "eth.addr": "00:17:88:69:ee:e4",
958             "eth.addr_resolved": "PhilipsL_69:ee:e4",
959             "eth.lg": "0",
960             "eth.ig": "0"
961           },
962           "eth.src": "b0:b9:8a:73:69:8e",
963           "eth.src_tree": {
964             "eth.src_resolved": "Netgear_73:69:8e",
965             "eth.addr": "b0:b9:8a:73:69:8e",
966             "eth.addr_resolved": "Netgear_73:69:8e",
967             "eth.lg": "0",
968             "eth.ig": "0"
969           },
970           "eth.type": "0x00000800"
971         },
972         "ip": {
973           "ip.version": "4",
974           "ip.hdr_len": "20",
975           "ip.dsfield": "0x00000000",
976           "ip.dsfield_tree": {
977             "ip.dsfield.dscp": "0",
978             "ip.dsfield.ecn": "0"
979           },
980           "ip.len": "123",
981           "ip.id": "0x00002b52",
982           "ip.flags": "0x00000002",
983           "ip.flags_tree": {
984             "ip.flags.rb": "0",
985             "ip.flags.df": "1",
986             "ip.flags.mf": "0"
987           },
988           "ip.frag_offset": "0",
989           "ip.ttl": "64",
990           "ip.proto": "17",
991           "ip.checksum": "0x00008d2e",
992           "ip.checksum.status": "2",
993           "ip.src": "192.168.0.1",
994           "ip.addr": "192.168.0.1",
995           "ip.src_host": "192.168.0.1",
996           "ip.host": "192.168.0.1",
997           "ip.dst": "192.168.0.160",
998           "ip.addr": "192.168.0.160",
999           "ip.dst_host": "192.168.0.160",
1000           "ip.host": "192.168.0.160",
1001           "Source GeoIP: Unknown": "",
1002           "Destination GeoIP: Unknown": ""
1003         },
1004         "udp": {
1005           "udp.srcport": "53",
1006           "udp.dstport": "44067",
1007           "udp.port": "53",
1008           "udp.port": "44067",
1009           "udp.length": "103",
1010           "udp.checksum": "0x0000826a",
1011           "udp.checksum.status": "2",
1012           "udp.stream": "51"
1013         },
1014         "dns": {
1015           "dns.response_to": "1873",
1016           "dns.time": "0.001614000",
1017           "dns.id": "0x00000489",
1018           "dns.flags": "0x00008180",
1019           "dns.flags_tree": {
1020             "dns.flags.response": "1",
1021             "dns.flags.opcode": "0",
1022             "dns.flags.authoritative": "0",
1023             "dns.flags.truncated": "0",
1024             "dns.flags.recdesired": "1",
1025             "dns.flags.recavail": "1",
1026             "dns.flags.z": "0",
1027             "dns.flags.authenticated": "0",
1028             "dns.flags.checkdisable": "0",
1029             "dns.flags.rcode": "0"
1030           },
1031           "dns.count.queries": "1",
1032           "dns.count.answers": "0",
1033           "dns.count.auth_rr": "1",
1034           "dns.count.add_rr": "0",
1035           "Queries": {
1036             "dcp.cpp.philips.com: type AAAA, class IN": {
1037               "dns.qry.name": "dcp.cpp.philips.com",
1038               "dns.qry.name.len": "19",
1039               "dns.count.labels": "4",
1040               "dns.qry.type": "28",
1041               "dns.qry.class": "0x00000001"
1042             }
1043           },
1044           "Authoritative nameservers": {
1045             "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
1046               "dns.resp.name": "cpp.philips.com",
1047               "dns.resp.type": "6",
1048               "dns.resp.class": "0x00000001",
1049               "dns.resp.ttl": "643",
1050               "dns.resp.len": "46",
1051               "dns.soa.mname": "ns1.ext.philips.com",
1052               "dns.soa.rname": "ddi-authority.philips.com",
1053               "dns.soa.serial_number": "387",
1054               "dns.soa.refresh_interval": "1200",
1055               "dns.soa.retry_interval": "300",
1056               "dns.soa.expire_limit": "1209600",
1057               "dns.soa.mininum_ttl": "3600"
1058             }
1059           }
1060         }
1061       }
1062     }
1063   }
1064   ,
1065   {
1066     "_index": "packets-2017-10-26",
1067     "_type": "pcap_file",
1068     "_score": null,
1069     "_source": {
1070       "layers": {
1071         "frame": {
1072           "frame.encap_type": "1",
1073           "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT",
1074           "frame.offset_shift": "0.000000000",
1075           "frame.time_epoch": "1508459603.048272000",
1076           "frame.time_delta": "0.001182000",
1077           "frame.time_delta_displayed": "0.001182000",
1078           "frame.time_relative": "1890.643068000",
1079           "frame.number": "1875",
1080           "frame.len": "79",
1081           "frame.cap_len": "79",
1082           "frame.marked": "0",
1083           "frame.ignored": "0",
1084           "frame.protocols": "eth:ethertype:ip:udp:dns",
1085           "frame.coloring_rule.name": "UDP",
1086           "frame.coloring_rule.string": "udp"
1087         },
1088         "eth": {
1089           "eth.dst": "b0:b9:8a:73:69:8e",
1090           "eth.dst_tree": {
1091             "eth.dst_resolved": "Netgear_73:69:8e",
1092             "eth.addr": "b0:b9:8a:73:69:8e",
1093             "eth.addr_resolved": "Netgear_73:69:8e",
1094             "eth.lg": "0",
1095             "eth.ig": "0"
1096           },
1097           "eth.src": "00:17:88:69:ee:e4",
1098           "eth.src_tree": {
1099             "eth.src_resolved": "PhilipsL_69:ee:e4",
1100             "eth.addr": "00:17:88:69:ee:e4",
1101             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1102             "eth.lg": "0",
1103             "eth.ig": "0"
1104           },
1105           "eth.type": "0x00000800"
1106         },
1107         "ip": {
1108           "ip.version": "4",
1109           "ip.hdr_len": "20",
1110           "ip.dsfield": "0x00000000",
1111           "ip.dsfield_tree": {
1112             "ip.dsfield.dscp": "0",
1113             "ip.dsfield.ecn": "0"
1114           },
1115           "ip.len": "65",
1116           "ip.id": "0x00001f1c",
1117           "ip.flags": "0x00000002",
1118           "ip.flags_tree": {
1119             "ip.flags.rb": "0",
1120             "ip.flags.df": "1",
1121             "ip.flags.mf": "0"
1122           },
1123           "ip.frag_offset": "0",
1124           "ip.ttl": "64",
1125           "ip.proto": "17",
1126           "ip.checksum": "0x0000999e",
1127           "ip.checksum.status": "2",
1128           "ip.src": "192.168.0.160",
1129           "ip.addr": "192.168.0.160",
1130           "ip.src_host": "192.168.0.160",
1131           "ip.host": "192.168.0.160",
1132           "ip.dst": "192.168.0.1",
1133           "ip.addr": "192.168.0.1",
1134           "ip.dst_host": "192.168.0.1",
1135           "ip.host": "192.168.0.1",
1136           "Source GeoIP: Unknown": "",
1137           "Destination GeoIP: Unknown": ""
1138         },
1139         "udp": {
1140           "udp.srcport": "51510",
1141           "udp.dstport": "53",
1142           "udp.port": "51510",
1143           "udp.port": "53",
1144           "udp.length": "45",
1145           "udp.checksum": "0x0000127d",
1146           "udp.checksum.status": "2",
1147           "udp.stream": "52"
1148         },
1149         "dns": {
1150           "dns.response_in": "1876",
1151           "dns.id": "0x0000048a",
1152           "dns.flags": "0x00000100",
1153           "dns.flags_tree": {
1154             "dns.flags.response": "0",
1155             "dns.flags.opcode": "0",
1156             "dns.flags.truncated": "0",
1157             "dns.flags.recdesired": "1",
1158             "dns.flags.z": "0",
1159             "dns.flags.checkdisable": "0"
1160           },
1161           "dns.count.queries": "1",
1162           "dns.count.answers": "0",
1163           "dns.count.auth_rr": "0",
1164           "dns.count.add_rr": "0",
1165           "Queries": {
1166             "dcp.cpp.philips.com: type A, class IN": {
1167               "dns.qry.name": "dcp.cpp.philips.com",
1168               "dns.qry.name.len": "19",
1169               "dns.count.labels": "4",
1170               "dns.qry.type": "1",
1171               "dns.qry.class": "0x00000001"
1172             }
1173           }
1174         }
1175       }
1176     }
1177   }
1178   ,
1179   {
1180     "_index": "packets-2017-10-26",
1181     "_type": "pcap_file",
1182     "_score": null,
1183     "_source": {
1184       "layers": {
1185         "frame": {
1186           "frame.encap_type": "1",
1187           "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT",
1188           "frame.offset_shift": "0.000000000",
1189           "frame.time_epoch": "1508459603.049516000",
1190           "frame.time_delta": "0.001244000",
1191           "frame.time_delta_displayed": "0.001244000",
1192           "frame.time_relative": "1890.644312000",
1193           "frame.number": "1876",
1194           "frame.len": "285",
1195           "frame.cap_len": "285",
1196           "frame.marked": "0",
1197           "frame.ignored": "0",
1198           "frame.protocols": "eth:ethertype:ip:udp:dns",
1199           "frame.coloring_rule.name": "UDP",
1200           "frame.coloring_rule.string": "udp"
1201         },
1202         "eth": {
1203           "eth.dst": "00:17:88:69:ee:e4",
1204           "eth.dst_tree": {
1205             "eth.dst_resolved": "PhilipsL_69:ee:e4",
1206             "eth.addr": "00:17:88:69:ee:e4",
1207             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1208             "eth.lg": "0",
1209             "eth.ig": "0"
1210           },
1211           "eth.src": "b0:b9:8a:73:69:8e",
1212           "eth.src_tree": {
1213             "eth.src_resolved": "Netgear_73:69:8e",
1214             "eth.addr": "b0:b9:8a:73:69:8e",
1215             "eth.addr_resolved": "Netgear_73:69:8e",
1216             "eth.lg": "0",
1217             "eth.ig": "0"
1218           },
1219           "eth.type": "0x00000800"
1220         },
1221         "ip": {
1222           "ip.version": "4",
1223           "ip.hdr_len": "20",
1224           "ip.dsfield": "0x00000000",
1225           "ip.dsfield_tree": {
1226             "ip.dsfield.dscp": "0",
1227             "ip.dsfield.ecn": "0"
1228           },
1229           "ip.len": "271",
1230           "ip.id": "0x00002b53",
1231           "ip.flags": "0x00000002",
1232           "ip.flags_tree": {
1233             "ip.flags.rb": "0",
1234             "ip.flags.df": "1",
1235             "ip.flags.mf": "0"
1236           },
1237           "ip.frag_offset": "0",
1238           "ip.ttl": "64",
1239           "ip.proto": "17",
1240           "ip.checksum": "0x00008c99",
1241           "ip.checksum.status": "2",
1242           "ip.src": "192.168.0.1",
1243           "ip.addr": "192.168.0.1",
1244           "ip.src_host": "192.168.0.1",
1245           "ip.host": "192.168.0.1",
1246           "ip.dst": "192.168.0.160",
1247           "ip.addr": "192.168.0.160",
1248           "ip.dst_host": "192.168.0.160",
1249           "ip.host": "192.168.0.160",
1250           "Source GeoIP: Unknown": "",
1251           "Destination GeoIP: Unknown": ""
1252         },
1253         "udp": {
1254           "udp.srcport": "53",
1255           "udp.dstport": "51510",
1256           "udp.port": "53",
1257           "udp.port": "51510",
1258           "udp.length": "251",
1259           "udp.checksum": "0x000082fe",
1260           "udp.checksum.status": "2",
1261           "udp.stream": "52"
1262         },
1263         "dns": {
1264           "dns.response_to": "1875",
1265           "dns.time": "0.001244000",
1266           "dns.id": "0x0000048a",
1267           "dns.flags": "0x00008180",
1268           "dns.flags_tree": {
1269             "dns.flags.response": "1",
1270             "dns.flags.opcode": "0",
1271             "dns.flags.authoritative": "0",
1272             "dns.flags.truncated": "0",
1273             "dns.flags.recdesired": "1",
1274             "dns.flags.recavail": "1",
1275             "dns.flags.z": "0",
1276             "dns.flags.authenticated": "0",
1277             "dns.flags.checkdisable": "0",
1278             "dns.flags.rcode": "0"
1279           },
1280           "dns.count.queries": "1",
1281           "dns.count.answers": "1",
1282           "dns.count.auth_rr": "3",
1283           "dns.count.add_rr": "6",
1284           "Queries": {
1285             "dcp.cpp.philips.com: type A, class IN": {
1286               "dns.qry.name": "dcp.cpp.philips.com",
1287               "dns.qry.name.len": "19",
1288               "dns.count.labels": "4",
1289               "dns.qry.type": "1",
1290               "dns.qry.class": "0x00000001"
1291             }
1292           },
1293           "Answers": {
1294             "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
1295               "dns.resp.name": "dcp.cpp.philips.com",
1296               "dns.resp.type": "1",
1297               "dns.resp.class": "0x00000001",
1298               "dns.resp.ttl": "644",
1299               "dns.resp.len": "4",
1300               "dns.a": "5.79.62.93"
1301             }
1302           },
1303           "Authoritative nameservers": {
1304             "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
1305               "dns.resp.name": "cpp.philips.com",
1306               "dns.resp.type": "2",
1307               "dns.resp.class": "0x00000001",
1308               "dns.resp.ttl": "644",
1309               "dns.resp.len": "10",
1310               "dns.ns": "ns1.ext.philips.com"
1311             },
1312             "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
1313               "dns.resp.name": "cpp.philips.com",
1314               "dns.resp.type": "2",
1315               "dns.resp.class": "0x00000001",
1316               "dns.resp.ttl": "644",
1317               "dns.resp.len": "6",
1318               "dns.ns": "ns2.ext.philips.com"
1319             },
1320             "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
1321               "dns.resp.name": "cpp.philips.com",
1322               "dns.resp.type": "2",
1323               "dns.resp.class": "0x00000001",
1324               "dns.resp.ttl": "644",
1325               "dns.resp.len": "6",
1326               "dns.ns": "ns3.ext.philips.com"
1327             }
1328           },
1329           "Additional records": {
1330             "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
1331               "dns.resp.name": "ns1.ext.philips.com",
1332               "dns.resp.type": "1",
1333               "dns.resp.class": "0x00000001",
1334               "dns.resp.ttl": "155007",
1335               "dns.resp.len": "4",
1336               "dns.a": "57.67.40.20"
1337             },
1338             "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
1339               "dns.resp.name": "ns2.ext.philips.com",
1340               "dns.resp.type": "1",
1341               "dns.resp.class": "0x00000001",
1342               "dns.resp.ttl": "3438",
1343               "dns.resp.len": "4",
1344               "dns.a": "57.77.21.76"
1345             },
1346             "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
1347               "dns.resp.name": "ns3.ext.philips.com",
1348               "dns.resp.type": "1",
1349               "dns.resp.class": "0x00000001",
1350               "dns.resp.ttl": "3438",
1351               "dns.resp.len": "4",
1352               "dns.a": "57.73.36.68"
1353             },
1354             "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
1355               "dns.resp.name": "ns1.ext.philips.com",
1356               "dns.resp.type": "28",
1357               "dns.resp.class": "0x00000001",
1358               "dns.resp.ttl": "158626",
1359               "dns.resp.len": "16",
1360               "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
1361             },
1362             "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
1363               "dns.resp.name": "ns2.ext.philips.com",
1364               "dns.resp.type": "28",
1365               "dns.resp.class": "0x00000001",
1366               "dns.resp.ttl": "151199",
1367               "dns.resp.len": "16",
1368               "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
1369             },
1370             "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
1371               "dns.resp.name": "ns3.ext.philips.com",
1372               "dns.resp.type": "28",
1373               "dns.resp.class": "0x00000001",
1374               "dns.resp.ttl": "151199",
1375               "dns.resp.len": "16",
1376               "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
1377             }
1378           }
1379         }
1380       }
1381     }
1382   }
1383   ,
1384   {
1385     "_index": "packets-2017-10-26",
1386     "_type": "pcap_file",
1387     "_score": null,
1388     "_source": {
1389       "layers": {
1390         "frame": {
1391           "frame.encap_type": "1",
1392           "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT",
1393           "frame.offset_shift": "0.000000000",
1394           "frame.time_epoch": "1508459603.470381000",
1395           "frame.time_delta": "0.000880000",
1396           "frame.time_delta_displayed": "0.420865000",
1397           "frame.time_relative": "1891.065177000",
1398           "frame.number": "1892",
1399           "frame.len": "79",
1400           "frame.cap_len": "79",
1401           "frame.marked": "0",
1402           "frame.ignored": "0",
1403           "frame.protocols": "eth:ethertype:ip:udp:dns",
1404           "frame.coloring_rule.name": "UDP",
1405           "frame.coloring_rule.string": "udp"
1406         },
1407         "eth": {
1408           "eth.dst": "b0:b9:8a:73:69:8e",
1409           "eth.dst_tree": {
1410             "eth.dst_resolved": "Netgear_73:69:8e",
1411             "eth.addr": "b0:b9:8a:73:69:8e",
1412             "eth.addr_resolved": "Netgear_73:69:8e",
1413             "eth.lg": "0",
1414             "eth.ig": "0"
1415           },
1416           "eth.src": "00:17:88:69:ee:e4",
1417           "eth.src_tree": {
1418             "eth.src_resolved": "PhilipsL_69:ee:e4",
1419             "eth.addr": "00:17:88:69:ee:e4",
1420             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1421             "eth.lg": "0",
1422             "eth.ig": "0"
1423           },
1424           "eth.type": "0x00000800"
1425         },
1426         "ip": {
1427           "ip.version": "4",
1428           "ip.hdr_len": "20",
1429           "ip.dsfield": "0x00000000",
1430           "ip.dsfield_tree": {
1431             "ip.dsfield.dscp": "0",
1432             "ip.dsfield.ecn": "0"
1433           },
1434           "ip.len": "65",
1435           "ip.id": "0x00001f22",
1436           "ip.flags": "0x00000002",
1437           "ip.flags_tree": {
1438             "ip.flags.rb": "0",
1439             "ip.flags.df": "1",
1440             "ip.flags.mf": "0"
1441           },
1442           "ip.frag_offset": "0",
1443           "ip.ttl": "64",
1444           "ip.proto": "17",
1445           "ip.checksum": "0x00009998",
1446           "ip.checksum.status": "2",
1447           "ip.src": "192.168.0.160",
1448           "ip.addr": "192.168.0.160",
1449           "ip.src_host": "192.168.0.160",
1450           "ip.host": "192.168.0.160",
1451           "ip.dst": "192.168.0.1",
1452           "ip.addr": "192.168.0.1",
1453           "ip.dst_host": "192.168.0.1",
1454           "ip.host": "192.168.0.1",
1455           "Source GeoIP: Unknown": "",
1456           "Destination GeoIP: Unknown": ""
1457         },
1458         "udp": {
1459           "udp.srcport": "44843",
1460           "udp.dstport": "53",
1461           "udp.port": "44843",
1462           "udp.port": "53",
1463           "udp.length": "45",
1464           "udp.checksum": "0x00001187",
1465           "udp.checksum.status": "2",
1466           "udp.stream": "53"
1467         },
1468         "dns": {
1469           "dns.response_in": "1893",
1470           "dns.id": "0x0000048b",
1471           "dns.flags": "0x00000100",
1472           "dns.flags_tree": {
1473             "dns.flags.response": "0",
1474             "dns.flags.opcode": "0",
1475             "dns.flags.truncated": "0",
1476             "dns.flags.recdesired": "1",
1477             "dns.flags.z": "0",
1478             "dns.flags.checkdisable": "0"
1479           },
1480           "dns.count.queries": "1",
1481           "dns.count.answers": "0",
1482           "dns.count.auth_rr": "0",
1483           "dns.count.add_rr": "0",
1484           "Queries": {
1485             "dcp.cpp.philips.com: type AAAA, class IN": {
1486               "dns.qry.name": "dcp.cpp.philips.com",
1487               "dns.qry.name.len": "19",
1488               "dns.count.labels": "4",
1489               "dns.qry.type": "28",
1490               "dns.qry.class": "0x00000001"
1491             }
1492           }
1493         }
1494       }
1495     }
1496   }
1497   ,
1498   {
1499     "_index": "packets-2017-10-26",
1500     "_type": "pcap_file",
1501     "_score": null,
1502     "_source": {
1503       "layers": {
1504         "frame": {
1505           "frame.encap_type": "1",
1506           "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT",
1507           "frame.offset_shift": "0.000000000",
1508           "frame.time_epoch": "1508459603.470880000",
1509           "frame.time_delta": "0.000499000",
1510           "frame.time_delta_displayed": "0.000499000",
1511           "frame.time_relative": "1891.065676000",
1512           "frame.number": "1893",
1513           "frame.len": "79",
1514           "frame.cap_len": "79",
1515           "frame.marked": "0",
1516           "frame.ignored": "0",
1517           "frame.protocols": "eth:ethertype:ip:udp:dns",
1518           "frame.coloring_rule.name": "UDP",
1519           "frame.coloring_rule.string": "udp"
1520         },
1521         "eth": {
1522           "eth.dst": "00:17:88:69:ee:e4",
1523           "eth.dst_tree": {
1524             "eth.dst_resolved": "PhilipsL_69:ee:e4",
1525             "eth.addr": "00:17:88:69:ee:e4",
1526             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1527             "eth.lg": "0",
1528             "eth.ig": "0"
1529           },
1530           "eth.src": "b0:b9:8a:73:69:8e",
1531           "eth.src_tree": {
1532             "eth.src_resolved": "Netgear_73:69:8e",
1533             "eth.addr": "b0:b9:8a:73:69:8e",
1534             "eth.addr_resolved": "Netgear_73:69:8e",
1535             "eth.lg": "0",
1536             "eth.ig": "0"
1537           },
1538           "eth.type": "0x00000800"
1539         },
1540         "ip": {
1541           "ip.version": "4",
1542           "ip.hdr_len": "20",
1543           "ip.dsfield": "0x00000000",
1544           "ip.dsfield_tree": {
1545             "ip.dsfield.dscp": "0",
1546             "ip.dsfield.ecn": "0"
1547           },
1548           "ip.len": "65",
1549           "ip.id": "0x00002b76",
1550           "ip.flags": "0x00000002",
1551           "ip.flags_tree": {
1552             "ip.flags.rb": "0",
1553             "ip.flags.df": "1",
1554             "ip.flags.mf": "0"
1555           },
1556           "ip.frag_offset": "0",
1557           "ip.ttl": "64",
1558           "ip.proto": "17",
1559           "ip.checksum": "0x00008d44",
1560           "ip.checksum.status": "2",
1561           "ip.src": "192.168.0.1",
1562           "ip.addr": "192.168.0.1",
1563           "ip.src_host": "192.168.0.1",
1564           "ip.host": "192.168.0.1",
1565           "ip.dst": "192.168.0.160",
1566           "ip.addr": "192.168.0.160",
1567           "ip.dst_host": "192.168.0.160",
1568           "ip.host": "192.168.0.160",
1569           "Source GeoIP: Unknown": "",
1570           "Destination GeoIP: Unknown": ""
1571         },
1572         "udp": {
1573           "udp.srcport": "53",
1574           "udp.dstport": "44843",
1575           "udp.port": "53",
1576           "udp.port": "44843",
1577           "udp.length": "45",
1578           "udp.checksum": "0x00008230",
1579           "udp.checksum.status": "2",
1580           "udp.stream": "53"
1581         },
1582         "dns": {
1583           "dns.response_to": "1892",
1584           "dns.time": "0.000499000",
1585           "dns.id": "0x0000048b",
1586           "dns.flags": "0x00008180",
1587           "dns.flags_tree": {
1588             "dns.flags.response": "1",
1589             "dns.flags.opcode": "0",
1590             "dns.flags.authoritative": "0",
1591             "dns.flags.truncated": "0",
1592             "dns.flags.recdesired": "1",
1593             "dns.flags.recavail": "1",
1594             "dns.flags.z": "0",
1595             "dns.flags.authenticated": "0",
1596             "dns.flags.checkdisable": "0",
1597             "dns.flags.rcode": "0"
1598           },
1599           "dns.count.queries": "1",
1600           "dns.count.answers": "0",
1601           "dns.count.auth_rr": "0",
1602           "dns.count.add_rr": "0",
1603           "Queries": {
1604             "dcp.cpp.philips.com: type AAAA, class IN": {
1605               "dns.qry.name": "dcp.cpp.philips.com",
1606               "dns.qry.name.len": "19",
1607               "dns.count.labels": "4",
1608               "dns.qry.type": "28",
1609               "dns.qry.class": "0x00000001"
1610             }
1611           }
1612         }
1613       }
1614     }
1615   }
1616   ,
1617   {
1618     "_index": "packets-2017-10-26",
1619     "_type": "pcap_file",
1620     "_score": null,
1621     "_source": {
1622       "layers": {
1623         "frame": {
1624           "frame.encap_type": "1",
1625           "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT",
1626           "frame.offset_shift": "0.000000000",
1627           "frame.time_epoch": "1508459603.471684000",
1628           "frame.time_delta": "0.000804000",
1629           "frame.time_delta_displayed": "0.000804000",
1630           "frame.time_relative": "1891.066480000",
1631           "frame.number": "1894",
1632           "frame.len": "79",
1633           "frame.cap_len": "79",
1634           "frame.marked": "0",
1635           "frame.ignored": "0",
1636           "frame.protocols": "eth:ethertype:ip:udp:dns",
1637           "frame.coloring_rule.name": "UDP",
1638           "frame.coloring_rule.string": "udp"
1639         },
1640         "eth": {
1641           "eth.dst": "b0:b9:8a:73:69:8e",
1642           "eth.dst_tree": {
1643             "eth.dst_resolved": "Netgear_73:69:8e",
1644             "eth.addr": "b0:b9:8a:73:69:8e",
1645             "eth.addr_resolved": "Netgear_73:69:8e",
1646             "eth.lg": "0",
1647             "eth.ig": "0"
1648           },
1649           "eth.src": "00:17:88:69:ee:e4",
1650           "eth.src_tree": {
1651             "eth.src_resolved": "PhilipsL_69:ee:e4",
1652             "eth.addr": "00:17:88:69:ee:e4",
1653             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1654             "eth.lg": "0",
1655             "eth.ig": "0"
1656           },
1657           "eth.type": "0x00000800"
1658         },
1659         "ip": {
1660           "ip.version": "4",
1661           "ip.hdr_len": "20",
1662           "ip.dsfield": "0x00000000",
1663           "ip.dsfield_tree": {
1664             "ip.dsfield.dscp": "0",
1665             "ip.dsfield.ecn": "0"
1666           },
1667           "ip.len": "65",
1668           "ip.id": "0x00001f23",
1669           "ip.flags": "0x00000002",
1670           "ip.flags_tree": {
1671             "ip.flags.rb": "0",
1672             "ip.flags.df": "1",
1673             "ip.flags.mf": "0"
1674           },
1675           "ip.frag_offset": "0",
1676           "ip.ttl": "64",
1677           "ip.proto": "17",
1678           "ip.checksum": "0x00009997",
1679           "ip.checksum.status": "2",
1680           "ip.src": "192.168.0.160",
1681           "ip.addr": "192.168.0.160",
1682           "ip.src_host": "192.168.0.160",
1683           "ip.host": "192.168.0.160",
1684           "ip.dst": "192.168.0.1",
1685           "ip.addr": "192.168.0.1",
1686           "ip.dst_host": "192.168.0.1",
1687           "ip.host": "192.168.0.1",
1688           "Source GeoIP: Unknown": "",
1689           "Destination GeoIP: Unknown": ""
1690         },
1691         "udp": {
1692           "udp.srcport": "40021",
1693           "udp.dstport": "53",
1694           "udp.port": "40021",
1695           "udp.port": "53",
1696           "udp.length": "45",
1697           "udp.checksum": "0x00003f5c",
1698           "udp.checksum.status": "2",
1699           "udp.stream": "54"
1700         },
1701         "dns": {
1702           "dns.response_in": "1895",
1703           "dns.id": "0x0000048c",
1704           "dns.flags": "0x00000100",
1705           "dns.flags_tree": {
1706             "dns.flags.response": "0",
1707             "dns.flags.opcode": "0",
1708             "dns.flags.truncated": "0",
1709             "dns.flags.recdesired": "1",
1710             "dns.flags.z": "0",
1711             "dns.flags.checkdisable": "0"
1712           },
1713           "dns.count.queries": "1",
1714           "dns.count.answers": "0",
1715           "dns.count.auth_rr": "0",
1716           "dns.count.add_rr": "0",
1717           "Queries": {
1718             "dcp.cpp.philips.com: type A, class IN": {
1719               "dns.qry.name": "dcp.cpp.philips.com",
1720               "dns.qry.name.len": "19",
1721               "dns.count.labels": "4",
1722               "dns.qry.type": "1",
1723               "dns.qry.class": "0x00000001"
1724             }
1725           }
1726         }
1727       }
1728     }
1729   }
1730   ,
1731   {
1732     "_index": "packets-2017-10-26",
1733     "_type": "pcap_file",
1734     "_score": null,
1735     "_source": {
1736       "layers": {
1737         "frame": {
1738           "frame.encap_type": "1",
1739           "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT",
1740           "frame.offset_shift": "0.000000000",
1741           "frame.time_epoch": "1508459603.472192000",
1742           "frame.time_delta": "0.000508000",
1743           "frame.time_delta_displayed": "0.000508000",
1744           "frame.time_relative": "1891.066988000",
1745           "frame.number": "1895",
1746           "frame.len": "95",
1747           "frame.cap_len": "95",
1748           "frame.marked": "0",
1749           "frame.ignored": "0",
1750           "frame.protocols": "eth:ethertype:ip:udp:dns",
1751           "frame.coloring_rule.name": "UDP",
1752           "frame.coloring_rule.string": "udp"
1753         },
1754         "eth": {
1755           "eth.dst": "00:17:88:69:ee:e4",
1756           "eth.dst_tree": {
1757             "eth.dst_resolved": "PhilipsL_69:ee:e4",
1758             "eth.addr": "00:17:88:69:ee:e4",
1759             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1760             "eth.lg": "0",
1761             "eth.ig": "0"
1762           },
1763           "eth.src": "b0:b9:8a:73:69:8e",
1764           "eth.src_tree": {
1765             "eth.src_resolved": "Netgear_73:69:8e",
1766             "eth.addr": "b0:b9:8a:73:69:8e",
1767             "eth.addr_resolved": "Netgear_73:69:8e",
1768             "eth.lg": "0",
1769             "eth.ig": "0"
1770           },
1771           "eth.type": "0x00000800"
1772         },
1773         "ip": {
1774           "ip.version": "4",
1775           "ip.hdr_len": "20",
1776           "ip.dsfield": "0x00000000",
1777           "ip.dsfield_tree": {
1778             "ip.dsfield.dscp": "0",
1779             "ip.dsfield.ecn": "0"
1780           },
1781           "ip.len": "81",
1782           "ip.id": "0x00002b77",
1783           "ip.flags": "0x00000002",
1784           "ip.flags_tree": {
1785             "ip.flags.rb": "0",
1786             "ip.flags.df": "1",
1787             "ip.flags.mf": "0"
1788           },
1789           "ip.frag_offset": "0",
1790           "ip.ttl": "64",
1791           "ip.proto": "17",
1792           "ip.checksum": "0x00008d33",
1793           "ip.checksum.status": "2",
1794           "ip.src": "192.168.0.1",
1795           "ip.addr": "192.168.0.1",
1796           "ip.src_host": "192.168.0.1",
1797           "ip.host": "192.168.0.1",
1798           "ip.dst": "192.168.0.160",
1799           "ip.addr": "192.168.0.160",
1800           "ip.dst_host": "192.168.0.160",
1801           "ip.host": "192.168.0.160",
1802           "Source GeoIP: Unknown": "",
1803           "Destination GeoIP: Unknown": ""
1804         },
1805         "udp": {
1806           "udp.srcport": "53",
1807           "udp.dstport": "40021",
1808           "udp.port": "53",
1809           "udp.port": "40021",
1810           "udp.length": "61",
1811           "udp.checksum": "0x00008240",
1812           "udp.checksum.status": "2",
1813           "udp.stream": "54"
1814         },
1815         "dns": {
1816           "dns.response_to": "1894",
1817           "dns.time": "0.000508000",
1818           "dns.id": "0x0000048c",
1819           "dns.flags": "0x00008180",
1820           "dns.flags_tree": {
1821             "dns.flags.response": "1",
1822             "dns.flags.opcode": "0",
1823             "dns.flags.authoritative": "0",
1824             "dns.flags.truncated": "0",
1825             "dns.flags.recdesired": "1",
1826             "dns.flags.recavail": "1",
1827             "dns.flags.z": "0",
1828             "dns.flags.authenticated": "0",
1829             "dns.flags.checkdisable": "0",
1830             "dns.flags.rcode": "0"
1831           },
1832           "dns.count.queries": "1",
1833           "dns.count.answers": "1",
1834           "dns.count.auth_rr": "0",
1835           "dns.count.add_rr": "0",
1836           "Queries": {
1837             "dcp.cpp.philips.com: type A, class IN": {
1838               "dns.qry.name": "dcp.cpp.philips.com",
1839               "dns.qry.name.len": "19",
1840               "dns.count.labels": "4",
1841               "dns.qry.type": "1",
1842               "dns.qry.class": "0x00000001"
1843             }
1844           },
1845           "Answers": {
1846             "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
1847               "dns.resp.name": "dcp.cpp.philips.com",
1848               "dns.resp.type": "1",
1849               "dns.resp.class": "0x00000001",
1850               "dns.resp.ttl": "644",
1851               "dns.resp.len": "4",
1852               "dns.a": "5.79.62.93"
1853             }
1854           }
1855         }
1856       }
1857     }
1858   }
1859   ,
1860   {
1861     "_index": "packets-2017-10-26",
1862     "_type": "pcap_file",
1863     "_score": null,
1864     "_source": {
1865       "layers": {
1866         "frame": {
1867           "frame.encap_type": "1",
1868           "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT",
1869           "frame.offset_shift": "0.000000000",
1870           "frame.time_epoch": "1508459871.689099000",
1871           "frame.time_delta": "0.145237000",
1872           "frame.time_delta_displayed": "268.216907000",
1873           "frame.time_relative": "2159.283895000",
1874           "frame.number": "2153",
1875           "frame.len": "76",
1876           "frame.cap_len": "76",
1877           "frame.marked": "0",
1878           "frame.ignored": "0",
1879           "frame.protocols": "eth:ethertype:ip:udp:dns",
1880           "frame.coloring_rule.name": "UDP",
1881           "frame.coloring_rule.string": "udp"
1882         },
1883         "eth": {
1884           "eth.dst": "b0:b9:8a:73:69:8e",
1885           "eth.dst_tree": {
1886             "eth.dst_resolved": "Netgear_73:69:8e",
1887             "eth.addr": "b0:b9:8a:73:69:8e",
1888             "eth.addr_resolved": "Netgear_73:69:8e",
1889             "eth.lg": "0",
1890             "eth.ig": "0"
1891           },
1892           "eth.src": "00:17:88:69:ee:e4",
1893           "eth.src_tree": {
1894             "eth.src_resolved": "PhilipsL_69:ee:e4",
1895             "eth.addr": "00:17:88:69:ee:e4",
1896             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1897             "eth.lg": "0",
1898             "eth.ig": "0"
1899           },
1900           "eth.type": "0x00000800"
1901         },
1902         "ip": {
1903           "ip.version": "4",
1904           "ip.hdr_len": "20",
1905           "ip.dsfield": "0x00000000",
1906           "ip.dsfield_tree": {
1907             "ip.dsfield.dscp": "0",
1908             "ip.dsfield.ecn": "0"
1909           },
1910           "ip.len": "62",
1911           "ip.id": "0x000053f4",
1912           "ip.flags": "0x00000002",
1913           "ip.flags_tree": {
1914             "ip.flags.rb": "0",
1915             "ip.flags.df": "1",
1916             "ip.flags.mf": "0"
1917           },
1918           "ip.frag_offset": "0",
1919           "ip.ttl": "64",
1920           "ip.proto": "17",
1921           "ip.checksum": "0x000064c9",
1922           "ip.checksum.status": "2",
1923           "ip.src": "192.168.0.160",
1924           "ip.addr": "192.168.0.160",
1925           "ip.src_host": "192.168.0.160",
1926           "ip.host": "192.168.0.160",
1927           "ip.dst": "192.168.0.1",
1928           "ip.addr": "192.168.0.1",
1929           "ip.dst_host": "192.168.0.1",
1930           "ip.host": "192.168.0.1",
1931           "Source GeoIP: Unknown": "",
1932           "Destination GeoIP: Unknown": ""
1933         },
1934         "udp": {
1935           "udp.srcport": "49510",
1936           "udp.dstport": "53",
1937           "udp.port": "49510",
1938           "udp.port": "53",
1939           "udp.length": "42",
1940           "udp.checksum": "0x000097c4",
1941           "udp.checksum.status": "2",
1942           "udp.stream": "60"
1943         },
1944         "dns": {
1945           "dns.response_in": "2154",
1946           "dns.id": "0x0000048d",
1947           "dns.flags": "0x00000100",
1948           "dns.flags_tree": {
1949             "dns.flags.response": "0",
1950             "dns.flags.opcode": "0",
1951             "dns.flags.truncated": "0",
1952             "dns.flags.recdesired": "1",
1953             "dns.flags.z": "0",
1954             "dns.flags.checkdisable": "0"
1955           },
1956           "dns.count.queries": "1",
1957           "dns.count.answers": "0",
1958           "dns.count.auth_rr": "0",
1959           "dns.count.add_rr": "0",
1960           "Queries": {
1961             "www2.meethue.com: type A, class IN": {
1962               "dns.qry.name": "www2.meethue.com",
1963               "dns.qry.name.len": "16",
1964               "dns.count.labels": "3",
1965               "dns.qry.type": "1",
1966               "dns.qry.class": "0x00000001"
1967             }
1968           }
1969         }
1970       }
1971     }
1972   }
1973   ,
1974   {
1975     "_index": "packets-2017-10-26",
1976     "_type": "pcap_file",
1977     "_score": null,
1978     "_source": {
1979       "layers": {
1980         "frame": {
1981           "frame.encap_type": "1",
1982           "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT",
1983           "frame.offset_shift": "0.000000000",
1984           "frame.time_epoch": "1508459871.695550000",
1985           "frame.time_delta": "0.006451000",
1986           "frame.time_delta_displayed": "0.006451000",
1987           "frame.time_relative": "2159.290346000",
1988           "frame.number": "2154",
1989           "frame.len": "513",
1990           "frame.cap_len": "513",
1991           "frame.marked": "0",
1992           "frame.ignored": "0",
1993           "frame.protocols": "eth:ethertype:ip:udp:dns",
1994           "frame.coloring_rule.name": "UDP",
1995           "frame.coloring_rule.string": "udp"
1996         },
1997         "eth": {
1998           "eth.dst": "00:17:88:69:ee:e4",
1999           "eth.dst_tree": {
2000             "eth.dst_resolved": "PhilipsL_69:ee:e4",
2001             "eth.addr": "00:17:88:69:ee:e4",
2002             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2003             "eth.lg": "0",
2004             "eth.ig": "0"
2005           },
2006           "eth.src": "b0:b9:8a:73:69:8e",
2007           "eth.src_tree": {
2008             "eth.src_resolved": "Netgear_73:69:8e",
2009             "eth.addr": "b0:b9:8a:73:69:8e",
2010             "eth.addr_resolved": "Netgear_73:69:8e",
2011             "eth.lg": "0",
2012             "eth.ig": "0"
2013           },
2014           "eth.type": "0x00000800"
2015         },
2016         "ip": {
2017           "ip.version": "4",
2018           "ip.hdr_len": "20",
2019           "ip.dsfield": "0x00000000",
2020           "ip.dsfield_tree": {
2021             "ip.dsfield.dscp": "0",
2022             "ip.dsfield.ecn": "0"
2023           },
2024           "ip.len": "499",
2025           "ip.id": "0x0000851c",
2026           "ip.flags": "0x00000002",
2027           "ip.flags_tree": {
2028             "ip.flags.rb": "0",
2029             "ip.flags.df": "1",
2030             "ip.flags.mf": "0"
2031           },
2032           "ip.frag_offset": "0",
2033           "ip.ttl": "64",
2034           "ip.proto": "17",
2035           "ip.checksum": "0x000031ec",
2036           "ip.checksum.status": "2",
2037           "ip.src": "192.168.0.1",
2038           "ip.addr": "192.168.0.1",
2039           "ip.src_host": "192.168.0.1",
2040           "ip.host": "192.168.0.1",
2041           "ip.dst": "192.168.0.160",
2042           "ip.addr": "192.168.0.160",
2043           "ip.dst_host": "192.168.0.160",
2044           "ip.host": "192.168.0.160",
2045           "Source GeoIP: Unknown": "",
2046           "Destination GeoIP: Unknown": ""
2047         },
2048         "udp": {
2049           "udp.srcport": "53",
2050           "udp.dstport": "49510",
2051           "udp.port": "53",
2052           "udp.port": "49510",
2053           "udp.length": "479",
2054           "udp.checksum": "0x000083e2",
2055           "udp.checksum.status": "2",
2056           "udp.stream": "60"
2057         },
2058         "dns": {
2059           "dns.response_to": "2153",
2060           "dns.time": "0.006451000",
2061           "dns.id": "0x0000048d",
2062           "dns.flags": "0x00008180",
2063           "dns.flags_tree": {
2064             "dns.flags.response": "1",
2065             "dns.flags.opcode": "0",
2066             "dns.flags.authoritative": "0",
2067             "dns.flags.truncated": "0",
2068             "dns.flags.recdesired": "1",
2069             "dns.flags.recavail": "1",
2070             "dns.flags.z": "0",
2071             "dns.flags.authenticated": "0",
2072             "dns.flags.checkdisable": "0",
2073             "dns.flags.rcode": "0"
2074           },
2075           "dns.count.queries": "1",
2076           "dns.count.answers": "4",
2077           "dns.count.auth_rr": "9",
2078           "dns.count.add_rr": "9",
2079           "Queries": {
2080             "www2.meethue.com: type A, class IN": {
2081               "dns.qry.name": "www2.meethue.com",
2082               "dns.qry.name.len": "16",
2083               "dns.count.labels": "3",
2084               "dns.qry.type": "1",
2085               "dns.qry.class": "0x00000001"
2086             }
2087           },
2088           "Answers": {
2089             "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
2090               "dns.resp.name": "www2.meethue.com",
2091               "dns.resp.type": "5",
2092               "dns.resp.class": "0x00000001",
2093               "dns.resp.ttl": "141",
2094               "dns.resp.len": "41",
2095               "dns.cname": "brands.lighting.philips.com.edgekey.net"
2096             },
2097             "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
2098               "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
2099               "dns.resp.type": "5",
2100               "dns.resp.class": "0x00000001",
2101               "dns.resp.ttl": "13111",
2102               "dns.resp.len": "22",
2103               "dns.cname": "e15361.b.akamaiedge.net"
2104             },
2105             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
2106               "dns.resp.name": "e15361.b.akamaiedge.net",
2107               "dns.resp.type": "1",
2108               "dns.resp.class": "0x00000001",
2109               "dns.resp.ttl": "20",
2110               "dns.resp.len": "4",
2111               "dns.a": "173.223.52.125"
2112             },
2113             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
2114               "dns.resp.name": "e15361.b.akamaiedge.net",
2115               "dns.resp.type": "1",
2116               "dns.resp.class": "0x00000001",
2117               "dns.resp.ttl": "20",
2118               "dns.resp.len": "4",
2119               "dns.a": "173.223.52.113"
2120             }
2121           },
2122           "Authoritative nameservers": {
2123             "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
2124               "dns.resp.name": "b.akamaiedge.net",
2125               "dns.resp.type": "2",
2126               "dns.resp.class": "0x00000001",
2127               "dns.resp.ttl": "2774",
2128               "dns.resp.len": "6",
2129               "dns.ns": "n0b.akamaiedge.net"
2130             },
2131             "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
2132               "dns.resp.name": "b.akamaiedge.net",
2133               "dns.resp.type": "2",
2134               "dns.resp.class": "0x00000001",
2135               "dns.resp.ttl": "2774",
2136               "dns.resp.len": "6",
2137               "dns.ns": "n1b.akamaiedge.net"
2138             },
2139             "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
2140               "dns.resp.name": "b.akamaiedge.net",
2141               "dns.resp.type": "2",
2142               "dns.resp.class": "0x00000001",
2143               "dns.resp.ttl": "2774",
2144               "dns.resp.len": "6",
2145               "dns.ns": "n4b.akamaiedge.net"
2146             },
2147             "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
2148               "dns.resp.name": "b.akamaiedge.net",
2149               "dns.resp.type": "2",
2150               "dns.resp.class": "0x00000001",
2151               "dns.resp.ttl": "2774",
2152               "dns.resp.len": "6",
2153               "dns.ns": "n5b.akamaiedge.net"
2154             },
2155             "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
2156               "dns.resp.name": "b.akamaiedge.net",
2157               "dns.resp.type": "2",
2158               "dns.resp.class": "0x00000001",
2159               "dns.resp.ttl": "2774",
2160               "dns.resp.len": "6",
2161               "dns.ns": "a0b.akamaiedge.net"
2162             },
2163             "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
2164               "dns.resp.name": "b.akamaiedge.net",
2165               "dns.resp.type": "2",
2166               "dns.resp.class": "0x00000001",
2167               "dns.resp.ttl": "2774",
2168               "dns.resp.len": "6",
2169               "dns.ns": "n3b.akamaiedge.net"
2170             },
2171             "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
2172               "dns.resp.name": "b.akamaiedge.net",
2173               "dns.resp.type": "2",
2174               "dns.resp.class": "0x00000001",
2175               "dns.resp.ttl": "2774",
2176               "dns.resp.len": "6",
2177               "dns.ns": "n2b.akamaiedge.net"
2178             },
2179             "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
2180               "dns.resp.name": "b.akamaiedge.net",
2181               "dns.resp.type": "2",
2182               "dns.resp.class": "0x00000001",
2183               "dns.resp.ttl": "2774",
2184               "dns.resp.len": "6",
2185               "dns.ns": "n6b.akamaiedge.net"
2186             },
2187             "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
2188               "dns.resp.name": "b.akamaiedge.net",
2189               "dns.resp.type": "2",
2190               "dns.resp.class": "0x00000001",
2191               "dns.resp.ttl": "2774",
2192               "dns.resp.len": "6",
2193               "dns.ns": "n7b.akamaiedge.net"
2194             }
2195           },
2196           "Additional records": {
2197             "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
2198               "dns.resp.name": "n0b.akamaiedge.net",
2199               "dns.resp.type": "1",
2200               "dns.resp.class": "0x00000001",
2201               "dns.resp.ttl": "294",
2202               "dns.resp.len": "4",
2203               "dns.a": "88.221.81.192"
2204             },
2205             "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
2206               "dns.resp.name": "n1b.akamaiedge.net",
2207               "dns.resp.type": "1",
2208               "dns.resp.class": "0x00000001",
2209               "dns.resp.ttl": "4838",
2210               "dns.resp.len": "4",
2211               "dns.a": "165.254.134.240"
2212             },
2213             "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
2214               "dns.resp.name": "n2b.akamaiedge.net",
2215               "dns.resp.type": "1",
2216               "dns.resp.class": "0x00000001",
2217               "dns.resp.ttl": "7614",
2218               "dns.resp.len": "4",
2219               "dns.a": "165.254.16.89"
2220             },
2221             "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
2222               "dns.resp.name": "n3b.akamaiedge.net",
2223               "dns.resp.type": "1",
2224               "dns.resp.class": "0x00000001",
2225               "dns.resp.ttl": "3676",
2226               "dns.resp.len": "4",
2227               "dns.a": "165.254.16.90"
2228             },
2229             "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
2230               "dns.resp.name": "n4b.akamaiedge.net",
2231               "dns.resp.type": "1",
2232               "dns.resp.class": "0x00000001",
2233               "dns.resp.ttl": "4084",
2234               "dns.resp.len": "4",
2235               "dns.a": "165.254.16.94"
2236             },
2237             "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
2238               "dns.resp.name": "n5b.akamaiedge.net",
2239               "dns.resp.type": "1",
2240               "dns.resp.class": "0x00000001",
2241               "dns.resp.ttl": "4641",
2242               "dns.resp.len": "4",
2243               "dns.a": "165.254.134.244"
2244             },
2245             "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
2246               "dns.resp.name": "n6b.akamaiedge.net",
2247               "dns.resp.type": "1",
2248               "dns.resp.class": "0x00000001",
2249               "dns.resp.ttl": "218",
2250               "dns.resp.len": "4",
2251               "dns.a": "165.254.134.246"
2252             },
2253             "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
2254               "dns.resp.name": "n7b.akamaiedge.net",
2255               "dns.resp.type": "1",
2256               "dns.resp.class": "0x00000001",
2257               "dns.resp.ttl": "2322",
2258               "dns.resp.len": "4",
2259               "dns.a": "165.254.134.232"
2260             },
2261             "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
2262               "dns.resp.name": "a0b.akamaiedge.net",
2263               "dns.resp.type": "28",
2264               "dns.resp.class": "0x00000001",
2265               "dns.resp.ttl": "4774",
2266               "dns.resp.len": "16",
2267               "dns.aaaa": "2600:1480:e800::c0"
2268             }
2269           }
2270         }
2271       }
2272     }
2273   }
2274   ,
2275   {
2276     "_index": "packets-2017-10-26",
2277     "_type": "pcap_file",
2278     "_score": null,
2279     "_source": {
2280       "layers": {
2281         "frame": {
2282           "frame.encap_type": "1",
2283           "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT",
2284           "frame.offset_shift": "0.000000000",
2285           "frame.time_epoch": "1508460771.705423000",
2286           "frame.time_delta": "3.937809000",
2287           "frame.time_delta_displayed": "900.009873000",
2288           "frame.time_relative": "3059.300219000",
2289           "frame.number": "2958",
2290           "frame.len": "76",
2291           "frame.cap_len": "76",
2292           "frame.marked": "0",
2293           "frame.ignored": "0",
2294           "frame.protocols": "eth:ethertype:ip:udp:dns",
2295           "frame.coloring_rule.name": "UDP",
2296           "frame.coloring_rule.string": "udp"
2297         },
2298         "eth": {
2299           "eth.dst": "b0:b9:8a:73:69:8e",
2300           "eth.dst_tree": {
2301             "eth.dst_resolved": "Netgear_73:69:8e",
2302             "eth.addr": "b0:b9:8a:73:69:8e",
2303             "eth.addr_resolved": "Netgear_73:69:8e",
2304             "eth.lg": "0",
2305             "eth.ig": "0"
2306           },
2307           "eth.src": "00:17:88:69:ee:e4",
2308           "eth.src_tree": {
2309             "eth.src_resolved": "PhilipsL_69:ee:e4",
2310             "eth.addr": "00:17:88:69:ee:e4",
2311             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2312             "eth.lg": "0",
2313             "eth.ig": "0"
2314           },
2315           "eth.type": "0x00000800"
2316         },
2317         "ip": {
2318           "ip.version": "4",
2319           "ip.hdr_len": "20",
2320           "ip.dsfield": "0x00000000",
2321           "ip.dsfield_tree": {
2322             "ip.dsfield.dscp": "0",
2323             "ip.dsfield.ecn": "0"
2324           },
2325           "ip.len": "62",
2326           "ip.id": "0x0000b28e",
2327           "ip.flags": "0x00000002",
2328           "ip.flags_tree": {
2329             "ip.flags.rb": "0",
2330             "ip.flags.df": "1",
2331             "ip.flags.mf": "0"
2332           },
2333           "ip.frag_offset": "0",
2334           "ip.ttl": "64",
2335           "ip.proto": "17",
2336           "ip.checksum": "0x0000062f",
2337           "ip.checksum.status": "2",
2338           "ip.src": "192.168.0.160",
2339           "ip.addr": "192.168.0.160",
2340           "ip.src_host": "192.168.0.160",
2341           "ip.host": "192.168.0.160",
2342           "ip.dst": "192.168.0.1",
2343           "ip.addr": "192.168.0.1",
2344           "ip.dst_host": "192.168.0.1",
2345           "ip.host": "192.168.0.1",
2346           "Source GeoIP: Unknown": "",
2347           "Destination GeoIP: Unknown": ""
2348         },
2349         "udp": {
2350           "udp.srcport": "59344",
2351           "udp.dstport": "53",
2352           "udp.port": "59344",
2353           "udp.port": "53",
2354           "udp.length": "42",
2355           "udp.checksum": "0x00007159",
2356           "udp.checksum.status": "2",
2357           "udp.stream": "72"
2358         },
2359         "dns": {
2360           "dns.response_in": "2959",
2361           "dns.id": "0x0000048e",
2362           "dns.flags": "0x00000100",
2363           "dns.flags_tree": {
2364             "dns.flags.response": "0",
2365             "dns.flags.opcode": "0",
2366             "dns.flags.truncated": "0",
2367             "dns.flags.recdesired": "1",
2368             "dns.flags.z": "0",
2369             "dns.flags.checkdisable": "0"
2370           },
2371           "dns.count.queries": "1",
2372           "dns.count.answers": "0",
2373           "dns.count.auth_rr": "0",
2374           "dns.count.add_rr": "0",
2375           "Queries": {
2376             "www2.meethue.com: type A, class IN": {
2377               "dns.qry.name": "www2.meethue.com",
2378               "dns.qry.name.len": "16",
2379               "dns.count.labels": "3",
2380               "dns.qry.type": "1",
2381               "dns.qry.class": "0x00000001"
2382             }
2383           }
2384         }
2385       }
2386     }
2387   }
2388   ,
2389   {
2390     "_index": "packets-2017-10-26",
2391     "_type": "pcap_file",
2392     "_score": null,
2393     "_source": {
2394       "layers": {
2395         "frame": {
2396           "frame.encap_type": "1",
2397           "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT",
2398           "frame.offset_shift": "0.000000000",
2399           "frame.time_epoch": "1508460771.715857000",
2400           "frame.time_delta": "0.010434000",
2401           "frame.time_delta_displayed": "0.010434000",
2402           "frame.time_relative": "3059.310653000",
2403           "frame.number": "2959",
2404           "frame.len": "513",
2405           "frame.cap_len": "513",
2406           "frame.marked": "0",
2407           "frame.ignored": "0",
2408           "frame.protocols": "eth:ethertype:ip:udp:dns",
2409           "frame.coloring_rule.name": "UDP",
2410           "frame.coloring_rule.string": "udp"
2411         },
2412         "eth": {
2413           "eth.dst": "00:17:88:69:ee:e4",
2414           "eth.dst_tree": {
2415             "eth.dst_resolved": "PhilipsL_69:ee:e4",
2416             "eth.addr": "00:17:88:69:ee:e4",
2417             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2418             "eth.lg": "0",
2419             "eth.ig": "0"
2420           },
2421           "eth.src": "b0:b9:8a:73:69:8e",
2422           "eth.src_tree": {
2423             "eth.src_resolved": "Netgear_73:69:8e",
2424             "eth.addr": "b0:b9:8a:73:69:8e",
2425             "eth.addr_resolved": "Netgear_73:69:8e",
2426             "eth.lg": "0",
2427             "eth.ig": "0"
2428           },
2429           "eth.type": "0x00000800"
2430         },
2431         "ip": {
2432           "ip.version": "4",
2433           "ip.hdr_len": "20",
2434           "ip.dsfield": "0x00000000",
2435           "ip.dsfield_tree": {
2436             "ip.dsfield.dscp": "0",
2437             "ip.dsfield.ecn": "0"
2438           },
2439           "ip.len": "499",
2440           "ip.id": "0x0000ca5c",
2441           "ip.flags": "0x00000002",
2442           "ip.flags_tree": {
2443             "ip.flags.rb": "0",
2444             "ip.flags.df": "1",
2445             "ip.flags.mf": "0"
2446           },
2447           "ip.frag_offset": "0",
2448           "ip.ttl": "64",
2449           "ip.proto": "17",
2450           "ip.checksum": "0x0000ecab",
2451           "ip.checksum.status": "2",
2452           "ip.src": "192.168.0.1",
2453           "ip.addr": "192.168.0.1",
2454           "ip.src_host": "192.168.0.1",
2455           "ip.host": "192.168.0.1",
2456           "ip.dst": "192.168.0.160",
2457           "ip.addr": "192.168.0.160",
2458           "ip.dst_host": "192.168.0.160",
2459           "ip.host": "192.168.0.160",
2460           "Source GeoIP: Unknown": "",
2461           "Destination GeoIP: Unknown": ""
2462         },
2463         "udp": {
2464           "udp.srcport": "53",
2465           "udp.dstport": "59344",
2466           "udp.port": "53",
2467           "udp.port": "59344",
2468           "udp.length": "479",
2469           "udp.checksum": "0x000083e2",
2470           "udp.checksum.status": "2",
2471           "udp.stream": "72"
2472         },
2473         "dns": {
2474           "dns.response_to": "2958",
2475           "dns.time": "0.010434000",
2476           "dns.id": "0x0000048e",
2477           "dns.flags": "0x00008180",
2478           "dns.flags_tree": {
2479             "dns.flags.response": "1",
2480             "dns.flags.opcode": "0",
2481             "dns.flags.authoritative": "0",
2482             "dns.flags.truncated": "0",
2483             "dns.flags.recdesired": "1",
2484             "dns.flags.recavail": "1",
2485             "dns.flags.z": "0",
2486             "dns.flags.authenticated": "0",
2487             "dns.flags.checkdisable": "0",
2488             "dns.flags.rcode": "0"
2489           },
2490           "dns.count.queries": "1",
2491           "dns.count.answers": "4",
2492           "dns.count.auth_rr": "9",
2493           "dns.count.add_rr": "9",
2494           "Queries": {
2495             "www2.meethue.com: type A, class IN": {
2496               "dns.qry.name": "www2.meethue.com",
2497               "dns.qry.name.len": "16",
2498               "dns.count.labels": "3",
2499               "dns.qry.type": "1",
2500               "dns.qry.class": "0x00000001"
2501             }
2502           },
2503           "Answers": {
2504             "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
2505               "dns.resp.name": "www2.meethue.com",
2506               "dns.resp.type": "5",
2507               "dns.resp.class": "0x00000001",
2508               "dns.resp.ttl": "116",
2509               "dns.resp.len": "41",
2510               "dns.cname": "brands.lighting.philips.com.edgekey.net"
2511             },
2512             "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
2513               "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
2514               "dns.resp.type": "5",
2515               "dns.resp.class": "0x00000001",
2516               "dns.resp.ttl": "10613",
2517               "dns.resp.len": "22",
2518               "dns.cname": "e15361.b.akamaiedge.net"
2519             },
2520             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
2521               "dns.resp.name": "e15361.b.akamaiedge.net",
2522               "dns.resp.type": "1",
2523               "dns.resp.class": "0x00000001",
2524               "dns.resp.ttl": "20",
2525               "dns.resp.len": "4",
2526               "dns.a": "173.223.52.113"
2527             },
2528             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
2529               "dns.resp.name": "e15361.b.akamaiedge.net",
2530               "dns.resp.type": "1",
2531               "dns.resp.class": "0x00000001",
2532               "dns.resp.ttl": "20",
2533               "dns.resp.len": "4",
2534               "dns.a": "173.223.52.125"
2535             }
2536           },
2537           "Authoritative nameservers": {
2538             "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
2539               "dns.resp.name": "b.akamaiedge.net",
2540               "dns.resp.type": "2",
2541               "dns.resp.class": "0x00000001",
2542               "dns.resp.ttl": "2787",
2543               "dns.resp.len": "6",
2544               "dns.ns": "n5b.akamaiedge.net"
2545             },
2546             "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
2547               "dns.resp.name": "b.akamaiedge.net",
2548               "dns.resp.type": "2",
2549               "dns.resp.class": "0x00000001",
2550               "dns.resp.ttl": "2787",
2551               "dns.resp.len": "6",
2552               "dns.ns": "a0b.akamaiedge.net"
2553             },
2554             "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
2555               "dns.resp.name": "b.akamaiedge.net",
2556               "dns.resp.type": "2",
2557               "dns.resp.class": "0x00000001",
2558               "dns.resp.ttl": "2787",
2559               "dns.resp.len": "6",
2560               "dns.ns": "n4b.akamaiedge.net"
2561             },
2562             "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
2563               "dns.resp.name": "b.akamaiedge.net",
2564               "dns.resp.type": "2",
2565               "dns.resp.class": "0x00000001",
2566               "dns.resp.ttl": "2787",
2567               "dns.resp.len": "6",
2568               "dns.ns": "n1b.akamaiedge.net"
2569             },
2570             "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
2571               "dns.resp.name": "b.akamaiedge.net",
2572               "dns.resp.type": "2",
2573               "dns.resp.class": "0x00000001",
2574               "dns.resp.ttl": "2787",
2575               "dns.resp.len": "6",
2576               "dns.ns": "n2b.akamaiedge.net"
2577             },
2578             "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
2579               "dns.resp.name": "b.akamaiedge.net",
2580               "dns.resp.type": "2",
2581               "dns.resp.class": "0x00000001",
2582               "dns.resp.ttl": "2787",
2583               "dns.resp.len": "6",
2584               "dns.ns": "n0b.akamaiedge.net"
2585             },
2586             "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
2587               "dns.resp.name": "b.akamaiedge.net",
2588               "dns.resp.type": "2",
2589               "dns.resp.class": "0x00000001",
2590               "dns.resp.ttl": "2787",
2591               "dns.resp.len": "6",
2592               "dns.ns": "n3b.akamaiedge.net"
2593             },
2594             "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
2595               "dns.resp.name": "b.akamaiedge.net",
2596               "dns.resp.type": "2",
2597               "dns.resp.class": "0x00000001",
2598               "dns.resp.ttl": "2787",
2599               "dns.resp.len": "6",
2600               "dns.ns": "n7b.akamaiedge.net"
2601             },
2602             "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
2603               "dns.resp.name": "b.akamaiedge.net",
2604               "dns.resp.type": "2",
2605               "dns.resp.class": "0x00000001",
2606               "dns.resp.ttl": "2787",
2607               "dns.resp.len": "6",
2608               "dns.ns": "n6b.akamaiedge.net"
2609             }
2610           },
2611           "Additional records": {
2612             "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
2613               "dns.resp.name": "n0b.akamaiedge.net",
2614               "dns.resp.type": "1",
2615               "dns.resp.class": "0x00000001",
2616               "dns.resp.ttl": "1095",
2617               "dns.resp.len": "4",
2618               "dns.a": "88.221.81.192"
2619             },
2620             "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
2621               "dns.resp.name": "n1b.akamaiedge.net",
2622               "dns.resp.type": "1",
2623               "dns.resp.class": "0x00000001",
2624               "dns.resp.ttl": "7816",
2625               "dns.resp.len": "4",
2626               "dns.a": "184.51.200.159"
2627             },
2628             "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
2629               "dns.resp.name": "n2b.akamaiedge.net",
2630               "dns.resp.type": "1",
2631               "dns.resp.class": "0x00000001",
2632               "dns.resp.ttl": "316",
2633               "dns.resp.len": "4",
2634               "dns.a": "173.197.192.229"
2635             },
2636             "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
2637               "dns.resp.name": "n3b.akamaiedge.net",
2638               "dns.resp.type": "1",
2639               "dns.resp.class": "0x00000001",
2640               "dns.resp.ttl": "500",
2641               "dns.resp.len": "4",
2642               "dns.a": "165.254.134.241"
2643             },
2644             "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
2645               "dns.resp.name": "n4b.akamaiedge.net",
2646               "dns.resp.type": "1",
2647               "dns.resp.class": "0x00000001",
2648               "dns.resp.ttl": "5409",
2649               "dns.resp.len": "4",
2650               "dns.a": "165.254.134.244"
2651             },
2652             "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
2653               "dns.resp.name": "n5b.akamaiedge.net",
2654               "dns.resp.type": "1",
2655               "dns.resp.class": "0x00000001",
2656               "dns.resp.ttl": "1157",
2657               "dns.resp.len": "4",
2658               "dns.a": "204.1.137.33"
2659             },
2660             "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
2661               "dns.resp.name": "n6b.akamaiedge.net",
2662               "dns.resp.type": "1",
2663               "dns.resp.class": "0x00000001",
2664               "dns.resp.ttl": "954",
2665               "dns.resp.len": "4",
2666               "dns.a": "165.254.16.95"
2667             },
2668             "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
2669               "dns.resp.name": "n7b.akamaiedge.net",
2670               "dns.resp.type": "1",
2671               "dns.resp.class": "0x00000001",
2672               "dns.resp.ttl": "1018",
2673               "dns.resp.len": "4",
2674               "dns.a": "165.254.134.239"
2675             },
2676             "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
2677               "dns.resp.name": "a0b.akamaiedge.net",
2678               "dns.resp.type": "28",
2679               "dns.resp.class": "0x00000001",
2680               "dns.resp.ttl": "5792",
2681               "dns.resp.len": "16",
2682               "dns.aaaa": "2600:1480:e800::c0"
2683             }
2684           }
2685         }
2686       }
2687     }
2688   }
2689   ,
2690   {
2691     "_index": "packets-2017-10-26",
2692     "_type": "pcap_file",
2693     "_score": null,
2694     "_source": {
2695       "layers": {
2696         "frame": {
2697           "frame.encap_type": "1",
2698           "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT",
2699           "frame.offset_shift": "0.000000000",
2700           "frame.time_epoch": "1508461671.725149000",
2701           "frame.time_delta": "2.951813000",
2702           "frame.time_delta_displayed": "900.009292000",
2703           "frame.time_relative": "3959.319945000",
2704           "frame.number": "3816",
2705           "frame.len": "76",
2706           "frame.cap_len": "76",
2707           "frame.marked": "0",
2708           "frame.ignored": "0",
2709           "frame.protocols": "eth:ethertype:ip:udp:dns",
2710           "frame.coloring_rule.name": "UDP",
2711           "frame.coloring_rule.string": "udp"
2712         },
2713         "eth": {
2714           "eth.dst": "b0:b9:8a:73:69:8e",
2715           "eth.dst_tree": {
2716             "eth.dst_resolved": "Netgear_73:69:8e",
2717             "eth.addr": "b0:b9:8a:73:69:8e",
2718             "eth.addr_resolved": "Netgear_73:69:8e",
2719             "eth.lg": "0",
2720             "eth.ig": "0"
2721           },
2722           "eth.src": "00:17:88:69:ee:e4",
2723           "eth.src_tree": {
2724             "eth.src_resolved": "PhilipsL_69:ee:e4",
2725             "eth.addr": "00:17:88:69:ee:e4",
2726             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2727             "eth.lg": "0",
2728             "eth.ig": "0"
2729           },
2730           "eth.type": "0x00000800"
2731         },
2732         "ip": {
2733           "ip.version": "4",
2734           "ip.hdr_len": "20",
2735           "ip.dsfield": "0x00000000",
2736           "ip.dsfield_tree": {
2737             "ip.dsfield.dscp": "0",
2738             "ip.dsfield.ecn": "0"
2739           },
2740           "ip.len": "62",
2741           "ip.id": "0x0000ba5a",
2742           "ip.flags": "0x00000002",
2743           "ip.flags_tree": {
2744             "ip.flags.rb": "0",
2745             "ip.flags.df": "1",
2746             "ip.flags.mf": "0"
2747           },
2748           "ip.frag_offset": "0",
2749           "ip.ttl": "64",
2750           "ip.proto": "17",
2751           "ip.checksum": "0x0000fe62",
2752           "ip.checksum.status": "2",
2753           "ip.src": "192.168.0.160",
2754           "ip.addr": "192.168.0.160",
2755           "ip.src_host": "192.168.0.160",
2756           "ip.host": "192.168.0.160",
2757           "ip.dst": "192.168.0.1",
2758           "ip.addr": "192.168.0.1",
2759           "ip.dst_host": "192.168.0.1",
2760           "ip.host": "192.168.0.1",
2761           "Source GeoIP: Unknown": "",
2762           "Destination GeoIP: Unknown": ""
2763         },
2764         "udp": {
2765           "udp.srcport": "34709",
2766           "udp.dstport": "53",
2767           "udp.port": "34709",
2768           "udp.port": "53",
2769           "udp.length": "42",
2770           "udp.checksum": "0x0000d193",
2771           "udp.checksum.status": "2",
2772           "udp.stream": "84"
2773         },
2774         "dns": {
2775           "dns.response_in": "3817",
2776           "dns.id": "0x0000048f",
2777           "dns.flags": "0x00000100",
2778           "dns.flags_tree": {
2779             "dns.flags.response": "0",
2780             "dns.flags.opcode": "0",
2781             "dns.flags.truncated": "0",
2782             "dns.flags.recdesired": "1",
2783             "dns.flags.z": "0",
2784             "dns.flags.checkdisable": "0"
2785           },
2786           "dns.count.queries": "1",
2787           "dns.count.answers": "0",
2788           "dns.count.auth_rr": "0",
2789           "dns.count.add_rr": "0",
2790           "Queries": {
2791             "www2.meethue.com: type A, class IN": {
2792               "dns.qry.name": "www2.meethue.com",
2793               "dns.qry.name.len": "16",
2794               "dns.count.labels": "3",
2795               "dns.qry.type": "1",
2796               "dns.qry.class": "0x00000001"
2797             }
2798           }
2799         }
2800       }
2801     }
2802   }
2803   ,
2804   {
2805     "_index": "packets-2017-10-26",
2806     "_type": "pcap_file",
2807     "_score": null,
2808     "_source": {
2809       "layers": {
2810         "frame": {
2811           "frame.encap_type": "1",
2812           "frame.time": "Oct 19, 2017 18:07:51.735281000 PDT",
2813           "frame.offset_shift": "0.000000000",
2814           "frame.time_epoch": "1508461671.735281000",
2815           "frame.time_delta": "0.010132000",
2816           "frame.time_delta_displayed": "0.010132000",
2817           "frame.time_relative": "3959.330077000",
2818           "frame.number": "3817",
2819           "frame.len": "513",
2820           "frame.cap_len": "513",
2821           "frame.marked": "0",
2822           "frame.ignored": "0",
2823           "frame.protocols": "eth:ethertype:ip:udp:dns",
2824           "frame.coloring_rule.name": "UDP",
2825           "frame.coloring_rule.string": "udp"
2826         },
2827         "eth": {
2828           "eth.dst": "00:17:88:69:ee:e4",
2829           "eth.dst_tree": {
2830             "eth.dst_resolved": "PhilipsL_69:ee:e4",
2831             "eth.addr": "00:17:88:69:ee:e4",
2832             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2833             "eth.lg": "0",
2834             "eth.ig": "0"
2835           },
2836           "eth.src": "b0:b9:8a:73:69:8e",
2837           "eth.src_tree": {
2838             "eth.src_resolved": "Netgear_73:69:8e",
2839             "eth.addr": "b0:b9:8a:73:69:8e",
2840             "eth.addr_resolved": "Netgear_73:69:8e",
2841             "eth.lg": "0",
2842             "eth.ig": "0"
2843           },
2844           "eth.type": "0x00000800"
2845         },
2846         "ip": {
2847           "ip.version": "4",
2848           "ip.hdr_len": "20",
2849           "ip.dsfield": "0x00000000",
2850           "ip.dsfield_tree": {
2851             "ip.dsfield.dscp": "0",
2852             "ip.dsfield.ecn": "0"
2853           },
2854           "ip.len": "499",
2855           "ip.id": "0x00004a90",
2856           "ip.flags": "0x00000002",
2857           "ip.flags_tree": {
2858             "ip.flags.rb": "0",
2859             "ip.flags.df": "1",
2860             "ip.flags.mf": "0"
2861           },
2862           "ip.frag_offset": "0",
2863           "ip.ttl": "64",
2864           "ip.proto": "17",
2865           "ip.checksum": "0x00006c78",
2866           "ip.checksum.status": "2",
2867           "ip.src": "192.168.0.1",
2868           "ip.addr": "192.168.0.1",
2869           "ip.src_host": "192.168.0.1",
2870           "ip.host": "192.168.0.1",
2871           "ip.dst": "192.168.0.160",
2872           "ip.addr": "192.168.0.160",
2873           "ip.dst_host": "192.168.0.160",
2874           "ip.host": "192.168.0.160",
2875           "Source GeoIP: Unknown": "",
2876           "Destination GeoIP: Unknown": ""
2877         },
2878         "udp": {
2879           "udp.srcport": "53",
2880           "udp.dstport": "34709",
2881           "udp.port": "53",
2882           "udp.port": "34709",
2883           "udp.length": "479",
2884           "udp.checksum": "0x000083e2",
2885           "udp.checksum.status": "2",
2886           "udp.stream": "84"
2887         },
2888         "dns": {
2889           "dns.response_to": "3816",
2890           "dns.time": "0.010132000",
2891           "dns.id": "0x0000048f",
2892           "dns.flags": "0x00008180",
2893           "dns.flags_tree": {
2894             "dns.flags.response": "1",
2895             "dns.flags.opcode": "0",
2896             "dns.flags.authoritative": "0",
2897             "dns.flags.truncated": "0",
2898             "dns.flags.recdesired": "1",
2899             "dns.flags.recavail": "1",
2900             "dns.flags.z": "0",
2901             "dns.flags.authenticated": "0",
2902             "dns.flags.checkdisable": "0",
2903             "dns.flags.rcode": "0"
2904           },
2905           "dns.count.queries": "1",
2906           "dns.count.answers": "4",
2907           "dns.count.auth_rr": "9",
2908           "dns.count.add_rr": "9",
2909           "Queries": {
2910             "www2.meethue.com: type A, class IN": {
2911               "dns.qry.name": "www2.meethue.com",
2912               "dns.qry.name.len": "16",
2913               "dns.count.labels": "3",
2914               "dns.qry.type": "1",
2915               "dns.qry.class": "0x00000001"
2916             }
2917           },
2918           "Answers": {
2919             "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
2920               "dns.resp.name": "www2.meethue.com",
2921               "dns.resp.type": "5",
2922               "dns.resp.class": "0x00000001",
2923               "dns.resp.ttl": "142",
2924               "dns.resp.len": "41",
2925               "dns.cname": "brands.lighting.philips.com.edgekey.net"
2926             },
2927             "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
2928               "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
2929               "dns.resp.type": "5",
2930               "dns.resp.class": "0x00000001",
2931               "dns.resp.ttl": "11311",
2932               "dns.resp.len": "22",
2933               "dns.cname": "e15361.b.akamaiedge.net"
2934             },
2935             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
2936               "dns.resp.name": "e15361.b.akamaiedge.net",
2937               "dns.resp.type": "1",
2938               "dns.resp.class": "0x00000001",
2939               "dns.resp.ttl": "20",
2940               "dns.resp.len": "4",
2941               "dns.a": "173.223.52.125"
2942             },
2943             "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
2944               "dns.resp.name": "e15361.b.akamaiedge.net",
2945               "dns.resp.type": "1",
2946               "dns.resp.class": "0x00000001",
2947               "dns.resp.ttl": "20",
2948               "dns.resp.len": "4",
2949               "dns.a": "173.223.52.113"
2950             }
2951           },
2952           "Authoritative nameservers": {
2953             "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
2954               "dns.resp.name": "b.akamaiedge.net",
2955               "dns.resp.type": "2",
2956               "dns.resp.class": "0x00000001",
2957               "dns.resp.ttl": "974",
2958               "dns.resp.len": "6",
2959               "dns.ns": "a0b.akamaiedge.net"
2960             },
2961             "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
2962               "dns.resp.name": "b.akamaiedge.net",
2963               "dns.resp.type": "2",
2964               "dns.resp.class": "0x00000001",
2965               "dns.resp.ttl": "974",
2966               "dns.resp.len": "6",
2967               "dns.ns": "n7b.akamaiedge.net"
2968             },
2969             "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
2970               "dns.resp.name": "b.akamaiedge.net",
2971               "dns.resp.type": "2",
2972               "dns.resp.class": "0x00000001",
2973               "dns.resp.ttl": "974",
2974               "dns.resp.len": "6",
2975               "dns.ns": "n4b.akamaiedge.net"
2976             },
2977             "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
2978               "dns.resp.name": "b.akamaiedge.net",
2979               "dns.resp.type": "2",
2980               "dns.resp.class": "0x00000001",
2981               "dns.resp.ttl": "974",
2982               "dns.resp.len": "6",
2983               "dns.ns": "n2b.akamaiedge.net"
2984             },
2985             "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
2986               "dns.resp.name": "b.akamaiedge.net",
2987               "dns.resp.type": "2",
2988               "dns.resp.class": "0x00000001",
2989               "dns.resp.ttl": "974",
2990               "dns.resp.len": "6",
2991               "dns.ns": "n0b.akamaiedge.net"
2992             },
2993             "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
2994               "dns.resp.name": "b.akamaiedge.net",
2995               "dns.resp.type": "2",
2996               "dns.resp.class": "0x00000001",
2997               "dns.resp.ttl": "974",
2998               "dns.resp.len": "6",
2999               "dns.ns": "n1b.akamaiedge.net"
3000             },
3001             "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
3002               "dns.resp.name": "b.akamaiedge.net",
3003               "dns.resp.type": "2",
3004               "dns.resp.class": "0x00000001",
3005               "dns.resp.ttl": "974",
3006               "dns.resp.len": "6",
3007               "dns.ns": "n6b.akamaiedge.net"
3008             },
3009             "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
3010               "dns.resp.name": "b.akamaiedge.net",
3011               "dns.resp.type": "2",
3012               "dns.resp.class": "0x00000001",
3013               "dns.resp.ttl": "974",
3014               "dns.resp.len": "6",
3015               "dns.ns": "n3b.akamaiedge.net"
3016             },
3017             "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
3018               "dns.resp.name": "b.akamaiedge.net",
3019               "dns.resp.type": "2",
3020               "dns.resp.class": "0x00000001",
3021               "dns.resp.ttl": "974",
3022               "dns.resp.len": "6",
3023               "dns.ns": "n5b.akamaiedge.net"
3024             }
3025           },
3026           "Additional records": {
3027             "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
3028               "dns.resp.name": "n0b.akamaiedge.net",
3029               "dns.resp.type": "1",
3030               "dns.resp.class": "0x00000001",
3031               "dns.resp.ttl": "2496",
3032               "dns.resp.len": "4",
3033               "dns.a": "88.221.81.192"
3034             },
3035             "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
3036               "dns.resp.name": "n1b.akamaiedge.net",
3037               "dns.resp.type": "1",
3038               "dns.resp.class": "0x00000001",
3039               "dns.resp.ttl": "3038",
3040               "dns.resp.len": "4",
3041               "dns.a": "165.254.134.240"
3042             },
3043             "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
3044               "dns.resp.name": "n2b.akamaiedge.net",
3045               "dns.resp.type": "1",
3046               "dns.resp.class": "0x00000001",
3047               "dns.resp.ttl": "5814",
3048               "dns.resp.len": "4",
3049               "dns.a": "165.254.16.89"
3050             },
3051             "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
3052               "dns.resp.name": "n3b.akamaiedge.net",
3053               "dns.resp.type": "1",
3054               "dns.resp.class": "0x00000001",
3055               "dns.resp.ttl": "1876",
3056               "dns.resp.len": "4",
3057               "dns.a": "165.254.16.90"
3058             },
3059             "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
3060               "dns.resp.name": "n4b.akamaiedge.net",
3061               "dns.resp.type": "1",
3062               "dns.resp.class": "0x00000001",
3063               "dns.resp.ttl": "2284",
3064               "dns.resp.len": "4",
3065               "dns.a": "165.254.16.94"
3066             },
3067             "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
3068               "dns.resp.name": "n5b.akamaiedge.net",
3069               "dns.resp.type": "1",
3070               "dns.resp.class": "0x00000001",
3071               "dns.resp.ttl": "2841",
3072               "dns.resp.len": "4",
3073               "dns.a": "165.254.134.244"
3074             },
3075             "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": {
3076               "dns.resp.name": "n6b.akamaiedge.net",
3077               "dns.resp.type": "1",
3078               "dns.resp.class": "0x00000001",
3079               "dns.resp.ttl": "2419",
3080               "dns.resp.len": "4",
3081               "dns.a": "165.254.16.93"
3082             },
3083             "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
3084               "dns.resp.name": "n7b.akamaiedge.net",
3085               "dns.resp.type": "1",
3086               "dns.resp.class": "0x00000001",
3087               "dns.resp.ttl": "522",
3088               "dns.resp.len": "4",
3089               "dns.a": "165.254.134.232"
3090             },
3091             "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
3092               "dns.resp.name": "a0b.akamaiedge.net",
3093               "dns.resp.type": "28",
3094               "dns.resp.class": "0x00000001",
3095               "dns.resp.ttl": "2974",
3096               "dns.resp.len": "16",
3097               "dns.aaaa": "2600:1480:e800::c0"
3098             }
3099           }
3100         }
3101       }
3102     }
3103   }
3104   ,
3105   {
3106     "_index": "packets-2017-10-26",
3107     "_type": "pcap_file",
3108     "_score": null,
3109     "_source": {
3110       "layers": {
3111         "frame": {
3112           "frame.encap_type": "1",
3113           "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT",
3114           "frame.offset_shift": "0.000000000",
3115           "frame.time_epoch": "1508461976.852097000",
3116           "frame.time_delta": "3.045152000",
3117           "frame.time_delta_displayed": "305.116816000",
3118           "frame.time_relative": "4264.446893000",
3119           "frame.number": "5571",
3120           "frame.len": "83",
3121           "frame.cap_len": "83",
3122           "frame.marked": "0",
3123           "frame.ignored": "0",
3124           "frame.protocols": "eth:ethertype:ip:udp:dns",
3125           "frame.coloring_rule.name": "UDP",
3126           "frame.coloring_rule.string": "udp"
3127         },
3128         "eth": {
3129           "eth.dst": "b0:b9:8a:73:69:8e",
3130           "eth.dst_tree": {
3131             "eth.dst_resolved": "Netgear_73:69:8e",
3132             "eth.addr": "b0:b9:8a:73:69:8e",
3133             "eth.addr_resolved": "Netgear_73:69:8e",
3134             "eth.lg": "0",
3135             "eth.ig": "0"
3136           },
3137           "eth.src": "00:17:88:69:ee:e4",
3138           "eth.src_tree": {
3139             "eth.src_resolved": "PhilipsL_69:ee:e4",
3140             "eth.addr": "00:17:88:69:ee:e4",
3141             "eth.addr_resolved": "PhilipsL_69:ee:e4",
3142             "eth.lg": "0",
3143             "eth.ig": "0"
3144           },
3145           "eth.type": "0x00000800"
3146         },
3147         "ip": {
3148           "ip.version": "4",
3149           "ip.hdr_len": "20",
3150           "ip.dsfield": "0x00000000",
3151           "ip.dsfield_tree": {
3152             "ip.dsfield.dscp": "0",
3153             "ip.dsfield.ecn": "0"
3154           },
3155           "ip.len": "69",
3156           "ip.id": "0x0000f879",
3157           "ip.flags": "0x00000002",
3158           "ip.flags_tree": {
3159             "ip.flags.rb": "0",
3160             "ip.flags.df": "1",
3161             "ip.flags.mf": "0"
3162           },
3163           "ip.frag_offset": "0",
3164           "ip.ttl": "64",
3165           "ip.proto": "17",
3166           "ip.checksum": "0x0000c03c",
3167           "ip.checksum.status": "2",
3168           "ip.src": "192.168.0.160",
3169           "ip.addr": "192.168.0.160",
3170           "ip.src_host": "192.168.0.160",
3171           "ip.host": "192.168.0.160",
3172           "ip.dst": "192.168.0.1",
3173           "ip.addr": "192.168.0.1",
3174           "ip.dst_host": "192.168.0.1",
3175           "ip.host": "192.168.0.1",
3176           "Source GeoIP: Unknown": "",
3177           "Destination GeoIP: Unknown": ""
3178         },
3179         "udp": {
3180           "udp.srcport": "46881",
3181           "udp.dstport": "53",
3182           "udp.port": "46881",
3183           "udp.port": "53",
3184           "udp.length": "49",
3185           "udp.checksum": "0x0000d1bd",
3186           "udp.checksum.status": "2",
3187           "udp.stream": "89"
3188         },
3189         "dns": {
3190           "dns.response_in": "5572",
3191           "dns.id": "0x00000490",
3192           "dns.flags": "0x00000100",
3193           "dns.flags_tree": {
3194             "dns.flags.response": "0",
3195             "dns.flags.opcode": "0",
3196             "dns.flags.truncated": "0",
3197             "dns.flags.recdesired": "1",
3198             "dns.flags.z": "0",
3199             "dns.flags.checkdisable": "0"
3200           },
3201           "dns.count.queries": "1",
3202           "dns.count.answers": "0",
3203           "dns.count.auth_rr": "0",
3204           "dns.count.add_rr": "0",
3205           "Queries": {
3206             "diagnostics.meethue.com: type A, class IN": {
3207               "dns.qry.name": "diagnostics.meethue.com",
3208               "dns.qry.name.len": "23",
3209               "dns.count.labels": "3",
3210               "dns.qry.type": "1",
3211               "dns.qry.class": "0x00000001"
3212             }
3213           }
3214         }
3215       }
3216     }
3217   }
3218   ,
3219   {
3220     "_index": "packets-2017-10-26",
3221     "_type": "pcap_file",
3222     "_score": null,
3223     "_source": {
3224       "layers": {
3225         "frame": {
3226           "frame.encap_type": "1",
3227           "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT",
3228           "frame.offset_shift": "0.000000000",
3229           "frame.time_epoch": "1508461976.936468000",
3230           "frame.time_delta": "0.084371000",
3231           "frame.time_delta_displayed": "0.084371000",
3232           "frame.time_relative": "4264.531264000",
3233           "frame.number": "5572",
3234           "frame.len": "297",
3235           "frame.cap_len": "297",
3236           "frame.marked": "0",
3237           "frame.ignored": "0",
3238           "frame.protocols": "eth:ethertype:ip:udp:dns",
3239           "frame.coloring_rule.name": "UDP",
3240           "frame.coloring_rule.string": "udp"
3241         },
3242         "eth": {
3243           "eth.dst": "00:17:88:69:ee:e4",
3244           "eth.dst_tree": {
3245             "eth.dst_resolved": "PhilipsL_69:ee:e4",
3246             "eth.addr": "00:17:88:69:ee:e4",
3247             "eth.addr_resolved": "PhilipsL_69:ee:e4",
3248             "eth.lg": "0",
3249             "eth.ig": "0"
3250           },
3251           "eth.src": "b0:b9:8a:73:69:8e",
3252           "eth.src_tree": {
3253             "eth.src_resolved": "Netgear_73:69:8e",
3254             "eth.addr": "b0:b9:8a:73:69:8e",
3255             "eth.addr_resolved": "Netgear_73:69:8e",
3256             "eth.lg": "0",
3257             "eth.ig": "0"
3258           },
3259           "eth.type": "0x00000800"
3260         },
3261         "ip": {
3262           "ip.version": "4",
3263           "ip.hdr_len": "20",
3264           "ip.dsfield": "0x00000000",
3265           "ip.dsfield_tree": {
3266             "ip.dsfield.dscp": "0",
3267             "ip.dsfield.ecn": "0"
3268           },
3269           "ip.len": "283",
3270           "ip.id": "0x00008c6e",
3271           "ip.flags": "0x00000002",
3272           "ip.flags_tree": {
3273             "ip.flags.rb": "0",
3274             "ip.flags.df": "1",
3275             "ip.flags.mf": "0"
3276           },
3277           "ip.frag_offset": "0",
3278           "ip.ttl": "64",
3279           "ip.proto": "17",
3280           "ip.checksum": "0x00002b72",
3281           "ip.checksum.status": "2",
3282           "ip.src": "192.168.0.1",
3283           "ip.addr": "192.168.0.1",
3284           "ip.src_host": "192.168.0.1",
3285           "ip.host": "192.168.0.1",
3286           "ip.dst": "192.168.0.160",
3287           "ip.addr": "192.168.0.160",
3288           "ip.dst_host": "192.168.0.160",
3289           "ip.host": "192.168.0.160",
3290           "Source GeoIP: Unknown": "",
3291           "Destination GeoIP: Unknown": ""
3292         },
3293         "udp": {
3294           "udp.srcport": "53",
3295           "udp.dstport": "46881",
3296           "udp.port": "53",
3297           "udp.port": "46881",
3298           "udp.length": "263",
3299           "udp.checksum": "0x0000830a",
3300           "udp.checksum.status": "2",
3301           "udp.stream": "89"
3302         },
3303         "dns": {
3304           "dns.response_to": "5571",
3305           "dns.time": "0.084371000",
3306           "dns.id": "0x00000490",