Restructuring files and folders
1 [
2   {
3     "_index": "packets-2017-11-01",
4     "_type": "pcap_file",
5     "_score": null,
6     "_source": {
7       "layers": {
8         "frame": {
9           "frame.encap_type": "1",
10           "frame.time": "Oct 31, 2017 16:46:31.460686000 PDT",
11           "frame.offset_shift": "0.000000000",
12           "frame.time_epoch": "1509493591.460686000",
13           "frame.time_delta": "0.000000000",
14           "frame.time_delta_displayed": "0.000000000",
15           "frame.time_relative": "0.000000000",
16           "frame.number": "1",
17           "frame.len": "42",
18           "frame.cap_len": "42",
19           "frame.marked": "0",
20           "frame.ignored": "0",
21           "frame.protocols": "eth:ethertype:arp"
22         },
23         "eth": {
24           "eth.dst": "00:17:88:69:ee:e4",
25           "eth.dst_tree": {
26             "eth.dst_resolved": "PhilipsL_69:ee:e4",
27             "eth.addr": "00:17:88:69:ee:e4",
28             "eth.addr_resolved": "PhilipsL_69:ee:e4",
29             "eth.lg": "0",
30             "eth.ig": "0"
31           },
32           "eth.src": "b0:b9:8a:73:69:8e",
33           "eth.src_tree": {
34             "eth.src_resolved": "Netgear_73:69:8e",
35             "eth.addr": "b0:b9:8a:73:69:8e",
36             "eth.addr_resolved": "Netgear_73:69:8e",
37             "eth.lg": "0",
38             "eth.ig": "0"
39           },
40           "eth.type": "0x00000806"
41         },
42         "arp": {
43           "arp.hw.type": "1",
44           "arp.proto.type": "0x00000800",
45           "arp.hw.size": "6",
46           "arp.proto.size": "4",
47           "arp.opcode": "1",
48           "arp.src.hw_mac": "b0:b9:8a:73:69:8e",
49           "arp.src.proto_ipv4": "192.168.0.1",
50           "arp.dst.hw_mac": "00:00:00:00:00:00",
51           "arp.dst.proto_ipv4": "192.168.0.160"
52         }
53       }
54     }
55   }
56
57   ,
58   {
59     "_index": "packets-2017-11-01",
60     "_type": "pcap_file",
61     "_score": null,
62     "_source": {
63       "layers": {
64         "frame": {
65           "frame.encap_type": "1",
66           "frame.time": "Oct 31, 2017 16:46:31.461239000 PDT",
67           "frame.offset_shift": "0.000000000",
68           "frame.time_epoch": "1509493591.461239000",
69           "frame.time_delta": "0.000553000",
70           "frame.time_delta_displayed": "0.000553000",
71           "frame.time_relative": "0.000553000",
72           "frame.number": "2",
73           "frame.len": "60",
74           "frame.cap_len": "60",
75           "frame.marked": "0",
76           "frame.ignored": "0",
77           "frame.protocols": "eth:ethertype:arp"
78         },
79         "eth": {
80           "eth.dst": "b0:b9:8a:73:69:8e",
81           "eth.dst_tree": {
82             "eth.dst_resolved": "Netgear_73:69:8e",
83             "eth.addr": "b0:b9:8a:73:69:8e",
84             "eth.addr_resolved": "Netgear_73:69:8e",
85             "eth.lg": "0",
86             "eth.ig": "0"
87           },
88           "eth.src": "00:17:88:69:ee:e4",
89           "eth.src_tree": {
90             "eth.src_resolved": "PhilipsL_69:ee:e4",
91             "eth.addr": "00:17:88:69:ee:e4",
92             "eth.addr_resolved": "PhilipsL_69:ee:e4",
93             "eth.lg": "0",
94             "eth.ig": "0"
95           },
96           "eth.type": "0x00000806",
97           "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
98         },
99         "arp": {
100           "arp.hw.type": "1",
101           "arp.proto.type": "0x00000800",
102           "arp.hw.size": "6",
103           "arp.proto.size": "4",
104           "arp.opcode": "2",
105           "arp.src.hw_mac": "00:17:88:69:ee:e4",
106           "arp.src.proto_ipv4": "192.168.0.160",
107           "arp.dst.hw_mac": "b0:b9:8a:73:69:8e",
108           "arp.dst.proto_ipv4": "192.168.0.1"
109         }
110       }
111     }
112   }
113
114   ,
115   {
116     "_index": "packets-2017-11-01",
117     "_type": "pcap_file",
118     "_score": null,
119     "_source": {
120       "layers": {
121         "frame": {
122           "frame.encap_type": "1",
123           "frame.time": "Oct 31, 2017 16:46:31.525095000 PDT",
124           "frame.offset_shift": "0.000000000",
125           "frame.time_epoch": "1509493591.525095000",
126           "frame.time_delta": "0.063856000",
127           "frame.time_delta_displayed": "0.063856000",
128           "frame.time_relative": "0.064409000",
129           "frame.number": "3",
130           "frame.len": "120",
131           "frame.cap_len": "120",
132           "frame.marked": "0",
133           "frame.ignored": "0",
134           "frame.protocols": "eth:ethertype:ip:tcp:ssl"
135         },
136         "eth": {
137           "eth.dst": "b0:b9:8a:73:69:8e",
138           "eth.dst_tree": {
139             "eth.dst_resolved": "Netgear_73:69:8e",
140             "eth.addr": "b0:b9:8a:73:69:8e",
141             "eth.addr_resolved": "Netgear_73:69:8e",
142             "eth.lg": "0",
143             "eth.ig": "0"
144           },
145           "eth.src": "d0:52:a8:a3:60:0f",
146           "eth.src_tree": {
147             "eth.src_resolved": "Physical_a3:60:0f",
148             "eth.addr": "d0:52:a8:a3:60:0f",
149             "eth.addr_resolved": "Physical_a3:60:0f",
150             "eth.lg": "0",
151             "eth.ig": "0"
152           },
153           "eth.type": "0x00000800"
154         },
155         "ip": {
156           "ip.version": "4",
157           "ip.hdr_len": "20",
158           "ip.dsfield": "0x00000000",
159           "ip.dsfield_tree": {
160             "ip.dsfield.dscp": "0",
161             "ip.dsfield.ecn": "0"
162           },
163           "ip.len": "106",
164           "ip.id": "0x000094e8",
165           "ip.flags": "0x00000002",
166           "ip.flags_tree": {
167             "ip.flags.rb": "0",
168             "ip.flags.df": "1",
169             "ip.flags.mf": "0"
170           },
171           "ip.frag_offset": "0",
172           "ip.ttl": "64",
173           "ip.proto": "6",
174           "ip.checksum": "0x00007861",
175           "ip.checksum.status": "2",
176           "ip.src": "192.168.0.242",
177           "ip.addr": "192.168.0.242",
178           "ip.src_host": "192.168.0.242",
179           "ip.host": "192.168.0.242",
180           "ip.dst": "13.59.94.111",
181           "ip.addr": "13.59.94.111",
182           "ip.dst_host": "13.59.94.111",
183           "ip.host": "13.59.94.111",
184           "Source GeoIP: Unknown": "",
185           "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
186             "ip.geoip.dst_country": "United States",
187             "ip.geoip.country": "United States",
188             "ip.geoip.dst_city": "Norwalk, CT",
189             "ip.geoip.city": "Norwalk, CT",
190             "ip.geoip.dst_lat": "41.127102",
191             "ip.geoip.lat": "41.127102",
192             "ip.geoip.dst_lon": "-73.441597",
193             "ip.geoip.lon": "-73.441597"
194           }
195         },
196         "tcp": {
197           "tcp.srcport": "44970",
198           "tcp.dstport": "443",
199           "tcp.port": "44970",
200           "tcp.port": "443",
201           "tcp.stream": "0",
202           "tcp.len": "54",
203           "tcp.seq": "1",
204           "tcp.nxtseq": "55",
205           "tcp.ack": "1",
206           "tcp.hdr_len": "32",
207           "tcp.flags": "0x00000018",
208           "tcp.flags_tree": {
209             "tcp.flags.res": "0",
210             "tcp.flags.ns": "0",
211             "tcp.flags.cwr": "0",
212             "tcp.flags.ecn": "0",
213             "tcp.flags.urg": "0",
214             "tcp.flags.ack": "1",
215             "tcp.flags.push": "1",
216             "tcp.flags.reset": "0",
217             "tcp.flags.syn": "0",
218             "tcp.flags.fin": "0",
219             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7AP\u00b7\u00b7\u00b7"
220           },
221           "tcp.window_size_value": "661",
222           "tcp.window_size": "661",
223           "tcp.window_size_scalefactor": "-1",
224           "tcp.checksum": "0x00001f54",
225           "tcp.checksum.status": "2",
226           "tcp.urgent_pointer": "0",
227           "tcp.options": "01:01:08:0a:00:24:b0:f1:a7:9a:fb:27",
228           "tcp.options_tree": {
229             "No-Operation (NOP)": {
230               "tcp.options.type": "1",
231               "tcp.options.type_tree": {
232                 "tcp.options.type.copy": "0",
233                 "tcp.options.type.class": "0",
234                 "tcp.options.type.number": "1"
235               }
236             },
237             "No-Operation (NOP)": {
238               "tcp.options.type": "1",
239               "tcp.options.type_tree": {
240                 "tcp.options.type.copy": "0",
241                 "tcp.options.type.class": "0",
242                 "tcp.options.type.number": "1"
243               }
244             },
245             "Timestamps: TSval 2404593, TSecr 2811951911": {
246               "tcp.option_kind": "8",
247               "tcp.option_len": "10",
248               "tcp.options.timestamp.tsval": "2404593",
249               "tcp.options.timestamp.tsecr": "2811951911"
250             }
251           },
252           "tcp.analysis": {
253             "tcp.analysis.bytes_in_flight": "54",
254             "tcp.analysis.push_bytes_sent": "54"
255           }
256         },
257         "ssl": {
258           "ssl.record": {
259             "ssl.record.content_type": "23",
260             "ssl.record.version": "0x00000303",
261             "ssl.record.length": "49",
262             "ssl.app_data": "13:6b:24:d2:9f:7e:44:8f:40:fd:3b:3e:a4:2f:33:d8:3d:bc:c6:60:44:79:44:61:7e:ac:88:d7:ed:89:13:61:c2:de:36:ba:86:be:cb:cd:ac:1a:a3:07:bd:e3:0a:70:8a"
263           }
264         }
265       }
266     }
267   }
268
269   ,
270   {
271     "_index": "packets-2017-11-01",
272     "_type": "pcap_file",
273     "_score": null,
274     "_source": {
275       "layers": {
276         "frame": {
277           "frame.encap_type": "1",
278           "frame.time": "Oct 31, 2017 16:46:31.585328000 PDT",
279           "frame.offset_shift": "0.000000000",
280           "frame.time_epoch": "1509493591.585328000",
281           "frame.time_delta": "0.060233000",
282           "frame.time_delta_displayed": "0.060233000",
283           "frame.time_relative": "0.124642000",
284           "frame.number": "4",
285           "frame.len": "66",
286           "frame.cap_len": "66",
287           "frame.marked": "0",
288           "frame.ignored": "0",
289           "frame.protocols": "eth:ethertype:ip:tcp"
290         },
291         "eth": {
292           "eth.dst": "d0:52:a8:a3:60:0f",
293           "eth.dst_tree": {
294             "eth.dst_resolved": "Physical_a3:60:0f",
295             "eth.addr": "d0:52:a8:a3:60:0f",
296             "eth.addr_resolved": "Physical_a3:60:0f",
297             "eth.lg": "0",
298             "eth.ig": "0"
299           },
300           "eth.src": "b0:b9:8a:73:69:8e",
301           "eth.src_tree": {
302             "eth.src_resolved": "Netgear_73:69:8e",
303             "eth.addr": "b0:b9:8a:73:69:8e",
304             "eth.addr_resolved": "Netgear_73:69:8e",
305             "eth.lg": "0",
306             "eth.ig": "0"
307           },
308           "eth.type": "0x00000800"
309         },
310         "ip": {
311           "ip.version": "4",
312           "ip.hdr_len": "20",
313           "ip.dsfield": "0x00000000",
314           "ip.dsfield_tree": {
315             "ip.dsfield.dscp": "0",
316             "ip.dsfield.ecn": "0"
317           },
318           "ip.len": "52",
319           "ip.id": "0x00002be8",
320           "ip.flags": "0x00000002",
321           "ip.flags_tree": {
322             "ip.flags.rb": "0",
323             "ip.flags.df": "1",
324             "ip.flags.mf": "0"
325           },
326           "ip.frag_offset": "0",
327           "ip.ttl": "232",
328           "ip.proto": "6",
329           "ip.checksum": "0x00003997",
330           "ip.checksum.status": "2",
331           "ip.src": "13.59.94.111",
332           "ip.addr": "13.59.94.111",
333           "ip.src_host": "13.59.94.111",
334           "ip.host": "13.59.94.111",
335           "ip.dst": "192.168.0.242",
336           "ip.addr": "192.168.0.242",
337           "ip.dst_host": "192.168.0.242",
338           "ip.host": "192.168.0.242",
339           "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
340             "ip.geoip.src_country": "United States",
341             "ip.geoip.country": "United States",
342             "ip.geoip.src_city": "Norwalk, CT",
343             "ip.geoip.city": "Norwalk, CT",
344             "ip.geoip.src_lat": "41.127102",
345             "ip.geoip.lat": "41.127102",
346             "ip.geoip.src_lon": "-73.441597",
347             "ip.geoip.lon": "-73.441597"
348           },
349           "Destination GeoIP: Unknown": ""
350         },
351         "tcp": {
352           "tcp.srcport": "443",
353           "tcp.dstport": "44970",
354           "tcp.port": "443",
355           "tcp.port": "44970",
356           "tcp.stream": "0",
357           "tcp.len": "0",
358           "tcp.seq": "1",
359           "tcp.ack": "55",
360           "tcp.hdr_len": "32",
361           "tcp.flags": "0x00000010",
362           "tcp.flags_tree": {
363             "tcp.flags.res": "0",
364             "tcp.flags.ns": "0",
365             "tcp.flags.cwr": "0",
366             "tcp.flags.ecn": "0",
367             "tcp.flags.urg": "0",
368             "tcp.flags.ack": "1",
369             "tcp.flags.push": "0",
370             "tcp.flags.reset": "0",
371             "tcp.flags.syn": "0",
372             "tcp.flags.fin": "0",
373             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7A\u00b7\u00b7\u00b7\u00b7"
374           },
375           "tcp.window_size_value": "422",
376           "tcp.window_size": "422",
377           "tcp.window_size_scalefactor": "-1",
378           "tcp.checksum": "0x0000fbf4",
379           "tcp.checksum.status": "2",
380           "tcp.urgent_pointer": "0",
381           "tcp.options": "01:01:08:0a:a7:9a:fb:74:00:24:b0:f1",
382           "tcp.options_tree": {
383             "No-Operation (NOP)": {
384               "tcp.options.type": "1",
385               "tcp.options.type_tree": {
386                 "tcp.options.type.copy": "0",
387                 "tcp.options.type.class": "0",
388                 "tcp.options.type.number": "1"
389               }
390             },
391             "No-Operation (NOP)": {
392               "tcp.options.type": "1",
393               "tcp.options.type_tree": {
394                 "tcp.options.type.copy": "0",
395                 "tcp.options.type.class": "0",
396                 "tcp.options.type.number": "1"
397               }
398             },
399             "Timestamps: TSval 2811951988, TSecr 2404593": {
400               "tcp.option_kind": "8",
401               "tcp.option_len": "10",
402               "tcp.options.timestamp.tsval": "2811951988",
403               "tcp.options.timestamp.tsecr": "2404593"
404             }
405           },
406           "tcp.analysis": {
407             "tcp.analysis.acks_frame": "3",
408             "tcp.analysis.ack_rtt": "0.060233000"
409           }
410         }
411       }
412     }
413   }
414
415   ,
416   {
417     "_index": "packets-2017-11-01",
418     "_type": "pcap_file",
419     "_score": null,
420     "_source": {
421       "layers": {
422         "frame": {
423           "frame.encap_type": "1",
424           "frame.time": "Oct 31, 2017 16:46:33.000259000 PDT",
425           "frame.offset_shift": "0.000000000",
426           "frame.time_epoch": "1509493593.000259000",
427           "frame.time_delta": "1.414931000",
428           "frame.time_delta_displayed": "1.414931000",
429           "frame.time_relative": "1.539573000",
430           "frame.number": "5",
431           "frame.len": "136",
432           "frame.cap_len": "136",
433           "frame.marked": "0",
434           "frame.ignored": "0",
435           "frame.protocols": "eth:ethertype:ip:udp:mdns"
436         },
437         "eth": {
438           "eth.dst": "01:00:5e:00:00:fb",
439           "eth.dst_tree": {
440             "eth.dst_resolved": "IPv4mcast_fb",
441             "eth.addr": "01:00:5e:00:00:fb",
442             "eth.addr_resolved": "IPv4mcast_fb",
443             "eth.lg": "0",
444             "eth.ig": "1"
445           },
446           "eth.src": "64:bc:0c:43:3f:40",
447           "eth.src_tree": {
448             "eth.src_resolved": "LgElectr_43:3f:40",
449             "eth.addr": "64:bc:0c:43:3f:40",
450             "eth.addr_resolved": "LgElectr_43:3f:40",
451             "eth.lg": "0",
452             "eth.ig": "0"
453           },
454           "eth.type": "0x00000800"
455         },
456         "ip": {
457           "ip.version": "4",
458           "ip.hdr_len": "20",
459           "ip.dsfield": "0x00000000",
460           "ip.dsfield_tree": {
461             "ip.dsfield.dscp": "0",
462             "ip.dsfield.ecn": "0"
463           },
464           "ip.len": "122",
465           "ip.id": "0x0000affd",
466           "ip.flags": "0x00000002",
467           "ip.flags_tree": {
468             "ip.flags.rb": "0",
469             "ip.flags.df": "1",
470             "ip.flags.mf": "0"
471           },
472           "ip.frag_offset": "0",
473           "ip.ttl": "255",
474           "ip.proto": "17",
475           "ip.checksum": "0x0000295c",
476           "ip.checksum.status": "2",
477           "ip.src": "192.168.0.117",
478           "ip.addr": "192.168.0.117",
479           "ip.src_host": "192.168.0.117",
480           "ip.host": "192.168.0.117",
481           "ip.dst": "224.0.0.251",
482           "ip.addr": "224.0.0.251",
483           "ip.dst_host": "224.0.0.251",
484           "ip.host": "224.0.0.251",
485           "Source GeoIP: Unknown": "",
486           "Destination GeoIP: Unknown": ""
487         },
488         "udp": {
489           "udp.srcport": "5353",
490           "udp.dstport": "5353",
491           "udp.port": "5353",
492           "udp.port": "5353",
493           "udp.length": "102",
494           "udp.checksum": "0x0000302a",
495           "udp.checksum.status": "2",
496           "udp.stream": "0"
497         },
498         "mdns": {
499           "dns.id": "0x00000003",
500           "dns.flags": "0x00000000",
501           "dns.flags_tree": {
502             "dns.flags.response": "0",
503             "dns.flags.opcode": "0",
504             "dns.flags.truncated": "0",
505             "dns.flags.recdesired": "0",
506             "dns.flags.z": "0",
507             "dns.flags.checkdisable": "0"
508           },
509           "dns.count.queries": "2",
510           "dns.count.answers": "0",
511           "dns.count.auth_rr": "0",
512           "dns.count.add_rr": "0",
513           "Queries": {
514             "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": {
515               "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local",
516               "dns.qry.name.len": "70",
517               "dns.count.labels": "5",
518               "dns.qry.type": "12",
519               "dns.qry.class": "0x00000001",
520               "dns.qry.qu": "0"
521             },
522             "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": {
523               "dns.qry.name": "_googlecast._tcp.local",
524               "dns.qry.name.len": "22",
525               "dns.count.labels": "3",
526               "dns.qry.type": "12",
527               "dns.qry.class": "0x00000001",
528               "dns.qry.qu": "0"
529             }
530           }
531         }
532       }
533     }
534   }
535
536   ,
537   {
538     "_index": "packets-2017-11-01",
539     "_type": "pcap_file",
540     "_score": null,
541     "_source": {
542       "layers": {
543         "frame": {
544           "frame.encap_type": "1",
545           "frame.time": "Oct 31, 2017 16:46:34.421324000 PDT",
546           "frame.offset_shift": "0.000000000",
547           "frame.time_epoch": "1509493594.421324000",
548           "frame.time_delta": "1.421065000",
549           "frame.time_delta_displayed": "1.421065000",
550           "frame.time_relative": "2.960638000",
551           "frame.number": "6",
552           "frame.len": "60",
553           "frame.cap_len": "60",
554           "frame.marked": "0",
555           "frame.ignored": "0",
556           "frame.protocols": "eth:ethertype:ip:tcp"
557         },
558         "eth": {
559           "eth.dst": "b0:b9:8a:73:69:8e",
560           "eth.dst_tree": {
561             "eth.dst_resolved": "Netgear_73:69:8e",
562             "eth.addr": "b0:b9:8a:73:69:8e",
563             "eth.addr_resolved": "Netgear_73:69:8e",
564             "eth.lg": "0",
565             "eth.ig": "0"
566           },
567           "eth.src": "00:17:88:69:ee:e4",
568           "eth.src_tree": {
569             "eth.src_resolved": "PhilipsL_69:ee:e4",
570             "eth.addr": "00:17:88:69:ee:e4",
571             "eth.addr_resolved": "PhilipsL_69:ee:e4",
572             "eth.lg": "0",
573             "eth.ig": "0"
574           },
575           "eth.type": "0x00000800",
576           "eth.padding": "00:00:00:00:00:00"
577         },
578         "ip": {
579           "ip.version": "4",
580           "ip.hdr_len": "20",
581           "ip.dsfield": "0x00000000",
582           "ip.dsfield_tree": {
583             "ip.dsfield.dscp": "0",
584             "ip.dsfield.ecn": "0"
585           },
586           "ip.len": "40",
587           "ip.id": "0x000057ce",
588           "ip.flags": "0x00000002",
589           "ip.flags_tree": {
590             "ip.flags.rb": "0",
591             "ip.flags.df": "1",
592             "ip.flags.mf": "0"
593           },
594           "ip.frag_offset": "0",
595           "ip.ttl": "64",
596           "ip.proto": "6",
597           "ip.checksum": "0x0000a6c3",
598           "ip.checksum.status": "2",
599           "ip.src": "192.168.0.160",
600           "ip.addr": "192.168.0.160",
601           "ip.src_host": "192.168.0.160",
602           "ip.host": "192.168.0.160",
603           "ip.dst": "104.155.18.91",
604           "ip.addr": "104.155.18.91",
605           "ip.dst_host": "104.155.18.91",
606           "ip.host": "104.155.18.91",
607           "Source GeoIP: Unknown": "",
608           "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": {
609             "ip.geoip.dst_country": "United States",
610             "ip.geoip.country": "United States",
611             "ip.geoip.dst_asnum": "AS15169 Google Inc.",
612             "ip.geoip.asnum": "AS15169 Google Inc.",
613             "ip.geoip.dst_city": "Mountain View, CA",
614             "ip.geoip.city": "Mountain View, CA",
615             "ip.geoip.dst_lat": "37.419201",
616             "ip.geoip.lat": "37.419201",
617             "ip.geoip.dst_lon": "-122.057404",
618             "ip.geoip.lon": "-122.057404"
619           }
620         },
621         "tcp": {
622           "tcp.srcport": "47009",
623           "tcp.dstport": "443",
624           "tcp.port": "47009",
625           "tcp.port": "443",
626           "tcp.stream": "1",
627           "tcp.len": "0",
628           "tcp.seq": "1",
629           "tcp.ack": "1",
630           "tcp.hdr_len": "20",
631           "tcp.flags": "0x00000010",
632           "tcp.flags_tree": {
633             "tcp.flags.res": "0",
634             "tcp.flags.ns": "0",
635             "tcp.flags.cwr": "0",
636             "tcp.flags.ecn": "0",
637             "tcp.flags.urg": "0",
638             "tcp.flags.ack": "1",
639             "tcp.flags.push": "0",
640             "tcp.flags.reset": "0",
641             "tcp.flags.syn": "0",
642             "tcp.flags.fin": "0",
643             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7A\u00b7\u00b7\u00b7\u00b7"
644           },
645           "tcp.window_size_value": "4015",
646           "tcp.window_size": "4015",
647           "tcp.window_size_scalefactor": "-1",
648           "tcp.checksum": "0x000006bf",
649           "tcp.checksum.status": "2",
650           "tcp.urgent_pointer": "0"
651         }
652       }
653     }
654   }
655
656   ,
657   {
658     "_index": "packets-2017-11-01",
659     "_type": "pcap_file",
660     "_score": null,
661     "_source": {
662       "layers": {
663         "frame": {
664           "frame.encap_type": "1",
665           "frame.time": "Oct 31, 2017 16:46:34.559535000 PDT",
666           "frame.offset_shift": "0.000000000",
667           "frame.time_epoch": "1509493594.559535000",
668           "frame.time_delta": "0.138211000",
669           "frame.time_delta_displayed": "0.138211000",
670           "frame.time_relative": "3.098849000",
671           "frame.number": "7",
672           "frame.len": "120",
673           "frame.cap_len": "120",
674           "frame.marked": "0",
675           "frame.ignored": "0",
676           "frame.protocols": "eth:ethertype:ip:tcp:ssl"
677         },
678         "eth": {
679           "eth.dst": "b0:b9:8a:73:69:8e",
680           "eth.dst_tree": {
681             "eth.dst_resolved": "Netgear_73:69:8e",
682             "eth.addr": "b0:b9:8a:73:69:8e",
683             "eth.addr_resolved": "Netgear_73:69:8e",
684             "eth.lg": "0",
685             "eth.ig": "0"
686           },
687           "eth.src": "d0:52:a8:a3:60:0f",
688           "eth.src_tree": {
689             "eth.src_resolved": "Physical_a3:60:0f",
690             "eth.addr": "d0:52:a8:a3:60:0f",
691             "eth.addr_resolved": "Physical_a3:60:0f",
692             "eth.lg": "0",
693             "eth.ig": "0"
694           },
695           "eth.type": "0x00000800"
696         },
697         "ip": {
698           "ip.version": "4",
699           "ip.hdr_len": "20",
700           "ip.dsfield": "0x00000000",
701           "ip.dsfield_tree": {
702             "ip.dsfield.dscp": "0",
703             "ip.dsfield.ecn": "0"
704           },
705           "ip.len": "106",
706           "ip.id": "0x000094e9",
707           "ip.flags": "0x00000002",
708           "ip.flags_tree": {
709             "ip.flags.rb": "0",
710             "ip.flags.df": "1",
711             "ip.flags.mf": "0"
712           },
713           "ip.frag_offset": "0",
714           "ip.ttl": "64",
715           "ip.proto": "6",
716           "ip.checksum": "0x00007860",
717           "ip.checksum.status": "2",
718           "ip.src": "192.168.0.242",
719           "ip.addr": "192.168.0.242",
720           "ip.src_host": "192.168.0.242",
721           "ip.host": "192.168.0.242",
722           "ip.dst": "13.59.94.111",
723           "ip.addr": "13.59.94.111",
724           "ip.dst_host": "13.59.94.111",
725           "ip.host": "13.59.94.111",
726           "Source GeoIP: Unknown": "",
727           "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
728             "ip.geoip.dst_country": "United States",
729             "ip.geoip.country": "United States",
730             "ip.geoip.dst_city": "Norwalk, CT",
731             "ip.geoip.city": "Norwalk, CT",
732             "ip.geoip.dst_lat": "41.127102",
733             "ip.geoip.lat": "41.127102",
734             "ip.geoip.dst_lon": "-73.441597",
735             "ip.geoip.lon": "-73.441597"
736           }
737         },
738         "tcp": {
739           "tcp.srcport": "44970",
740           "tcp.dstport": "443",
741           "tcp.port": "44970",
742           "tcp.port": "443",
743           "tcp.stream": "0",
744           "tcp.len": "54",
745           "tcp.seq": "55",
746           "tcp.nxtseq": "109",
747           "tcp.ack": "1",
748           "tcp.hdr_len": "32",
749           "tcp.flags": "0x00000018",
750           "tcp.flags_tree": {
751             "tcp.flags.res": "0",
752             "tcp.flags.ns": "0",
753             "tcp.flags.cwr": "0",
754             "tcp.flags.ecn": "0",
755             "tcp.flags.urg": "0",
756             "tcp.flags.ack": "1",
757             "tcp.flags.push": "1",
758             "tcp.flags.reset": "0",
759             "tcp.flags.syn": "0",
760             "tcp.flags.fin": "0",
761             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7AP\u00b7\u00b7\u00b7"
762           },
763           "tcp.window_size_value": "661",
764           "tcp.window_size": "661",
765           "tcp.window_size_scalefactor": "-1",
766           "tcp.checksum": "0x0000714d",
767           "tcp.checksum.status": "2",
768           "tcp.urgent_pointer": "0",
769           "tcp.options": "01:01:08:0a:00:24:b2:21:a7:9a:fb:74",
770           "tcp.options_tree": {
771             "No-Operation (NOP)": {
772               "tcp.options.type": "1",
773               "tcp.options.type_tree": {
774                 "tcp.options.type.copy": "0",
775                 "tcp.options.type.class": "0",
776                 "tcp.options.type.number": "1"
777               }
778             },
779             "No-Operation (NOP)": {
780               "tcp.options.type": "1",
781               "tcp.options.type_tree": {
782                 "tcp.options.type.copy": "0",
783                 "tcp.options.type.class": "0",
784                 "tcp.options.type.number": "1"
785               }
786             },
787             "Timestamps: TSval 2404897, TSecr 2811951988": {
788               "tcp.option_kind": "8",
789               "tcp.option_len": "10",
790               "tcp.options.timestamp.tsval": "2404897",
791               "tcp.options.timestamp.tsecr": "2811951988"
792             }
793           },
794           "tcp.analysis": {
795             "tcp.analysis.bytes_in_flight": "54",
796             "tcp.analysis.push_bytes_sent": "54"
797           }
798         },
799         "ssl": {
800           "ssl.record": {
801             "ssl.record.content_type": "23",
802             "ssl.record.version": "0x00000303",
803             "ssl.record.length": "49",
804             "ssl.app_data": "13:6b:24:d2:9f:7e:44:90:47:73:e4:b3:40:55:49:ce:dd:2d:ea:3a:54:db:c0:d8:86:e7:de:c4:47:a6:dd:55:5f:9a:ba:06:d3:2b:bb:33:22:7d:1e:03:fd:43:97:1b:90"
805           }
806         }
807       }
808     }
809   }
810
811   ,
812   {
813     "_index": "packets-2017-11-01",
814     "_type": "pcap_file",
815     "_score": null,
816     "_source": {
817       "layers": {
818         "frame": {
819           "frame.encap_type": "1",
820           "frame.time": "Oct 31, 2017 16:46:34.564399000 PDT",
821           "frame.offset_shift": "0.000000000",
822           "frame.time_epoch": "1509493594.564399000",
823           "frame.time_delta": "0.004864000",
824           "frame.time_delta_displayed": "0.004864000",
825           "frame.time_relative": "3.103713000",
826           "frame.number": "8",
827           "frame.len": "54",
828           "frame.cap_len": "54",
829           "frame.marked": "0",
830           "frame.ignored": "0",
831           "frame.protocols": "eth:ethertype:ip:tcp"
832         },
833         "eth": {
834           "eth.dst": "00:17:88:69:ee:e4",
835           "eth.dst_tree": {
836             "eth.dst_resolved": "PhilipsL_69:ee:e4",
837             "eth.addr": "00:17:88:69:ee:e4",
838             "eth.addr_resolved": "PhilipsL_69:ee:e4",
839             "eth.lg": "0",
840             "eth.ig": "0"
841           },
842           "eth.src": "b0:b9:8a:73:69:8e",
843           "eth.src_tree": {
844             "eth.src_resolved": "Netgear_73:69:8e",
845             "eth.addr": "b0:b9:8a:73:69:8e",
846             "eth.addr_resolved": "Netgear_73:69:8e",
847             "eth.lg": "0",
848             "eth.ig": "0"
849           },
850           "eth.type": "0x00000800"
851         },
852         "ip": {
853           "ip.version": "4",
854           "ip.hdr_len": "20",
855           "ip.dsfield": "0x00000000",
856           "ip.dsfield_tree": {
857             "ip.dsfield.dscp": "0",
858             "ip.dsfield.ecn": "0"
859           },
860           "ip.len": "40",
861           "ip.id": "0x00000fc0",
862           "ip.flags": "0x00000002",
863           "ip.flags_tree": {
864             "ip.flags.rb": "0",
865             "ip.flags.df": "1",
866             "ip.flags.mf": "0"
867           },
868           "ip.frag_offset": "0",
869           "ip.ttl": "49",
870           "ip.proto": "6",
871           "ip.checksum": "0x0000fdd1",
872           "ip.checksum.status": "2",
873           "ip.src": "104.155.18.91",
874           "ip.addr": "104.155.18.91",
875           "ip.src_host": "104.155.18.91",
876           "ip.host": "104.155.18.91",
877           "ip.dst": "192.168.0.160",
878           "ip.addr": "192.168.0.160",
879           "ip.dst_host": "192.168.0.160",
880           "ip.host": "192.168.0.160",
881           "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": {
882             "ip.geoip.src_country": "United States",
883             "ip.geoip.country": "United States",
884             "ip.geoip.src_asnum": "AS15169 Google Inc.",
885             "ip.geoip.asnum": "AS15169 Google Inc.",
886             "ip.geoip.src_city": "Mountain View, CA",
887             "ip.geoip.city": "Mountain View, CA",
888             "ip.geoip.src_lat": "37.419201",
889             "ip.geoip.lat": "37.419201",
890             "ip.geoip.src_lon": "-122.057404",
891             "ip.geoip.lon": "-122.057404"
892           },
893           "Destination GeoIP: Unknown": ""
894         },
895         "tcp": {
896           "tcp.srcport": "443",
897           "tcp.dstport": "47009",
898           "tcp.port": "443",
899           "tcp.port": "47009",
900           "tcp.stream": "1",
901           "tcp.len": "0",
902           "tcp.seq": "1",
903           "tcp.ack": "2",
904           "tcp.hdr_len": "20",
905           "tcp.flags": "0x00000010",
906           "tcp.flags_tree": {
907             "tcp.flags.res": "0",
908             "tcp.flags.ns": "0",
909             "tcp.flags.cwr": "0",
910             "tcp.flags.ecn": "0",
911             "tcp.flags.urg": "0",
912             "tcp.flags.ack": "1",
913             "tcp.flags.push": "0",
914             "tcp.flags.reset": "0",
915             "tcp.flags.syn": "0",
916             "tcp.flags.fin": "0",
917             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7A\u00b7\u00b7\u00b7\u00b7"
918           },
919           "tcp.window_size_value": "1337",
920           "tcp.window_size": "1337",
921           "tcp.window_size_scalefactor": "-1",
922           "tcp.checksum": "0x00001134",
923           "tcp.checksum.status": "2",
924           "tcp.urgent_pointer": "0",
925           "tcp.analysis": {
926             "tcp.analysis.flags": {
927               "_ws.expert": {
928                 "tcp.analysis.ack_lost_segment": "",
929                 "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)",
930                 "_ws.expert.severity": "6291456",
931                 "_ws.expert.group": "33554432"
932               }
933             }
934           }
935         }
936       }
937     }
938   }
939
940   ,
941   {
942     "_index": "packets-2017-11-01",
943     "_type": "pcap_file",
944     "_score": null,
945     "_source": {
946       "layers": {
947         "frame": {
948           "frame.encap_type": "1",
949           "frame.time": "Oct 31, 2017 16:46:34.619651000 PDT",
950           "frame.offset_shift": "0.000000000",
951           "frame.time_epoch": "1509493594.619651000",
952           "frame.time_delta": "0.055252000",
953           "frame.time_delta_displayed": "0.055252000",
954           "frame.time_relative": "3.158965000",
955           "frame.number": "9",
956           "frame.len": "66",
957           "frame.cap_len": "66",
958           "frame.marked": "0",
959           "frame.ignored": "0",
960           "frame.protocols": "eth:ethertype:ip:tcp"
961         },
962         "eth": {
963           "eth.dst": "d0:52:a8:a3:60:0f",
964           "eth.dst_tree": {
965             "eth.dst_resolved": "Physical_a3:60:0f",
966             "eth.addr": "d0:52:a8:a3:60:0f",
967             "eth.addr_resolved": "Physical_a3:60:0f",
968             "eth.lg": "0",
969             "eth.ig": "0"
970           },
971           "eth.src": "b0:b9:8a:73:69:8e",
972           "eth.src_tree": {
973             "eth.src_resolved": "Netgear_73:69:8e",
974             "eth.addr": "b0:b9:8a:73:69:8e",
975             "eth.addr_resolved": "Netgear_73:69:8e",
976             "eth.lg": "0",
977             "eth.ig": "0"
978           },
979           "eth.type": "0x00000800"
980         },
981         "ip": {
982           "ip.version": "4",
983           "ip.hdr_len": "20",
984           "ip.dsfield": "0x00000000",
985           "ip.dsfield_tree": {
986             "ip.dsfield.dscp": "0",
987             "ip.dsfield.ecn": "0"
988           },
989           "ip.len": "52",
990           "ip.id": "0x00002be9",
991           "ip.flags": "0x00000002",
992           "ip.flags_tree": {
993             "ip.flags.rb": "0",
994             "ip.flags.df": "1",
995             "ip.flags.mf": "0"
996           },
997           "ip.frag_offset": "0",
998           "ip.ttl": "232",
999           "ip.proto": "6",
1000           "ip.checksum": "0x00003996",
1001           "ip.checksum.status": "2",
1002           "ip.src": "13.59.94.111",
1003           "ip.addr": "13.59.94.111",
1004           "ip.src_host": "13.59.94.111",
1005           "ip.host": "13.59.94.111",
1006           "ip.dst": "192.168.0.242",
1007           "ip.addr": "192.168.0.242",
1008           "ip.dst_host": "192.168.0.242",
1009           "ip.host": "192.168.0.242",
1010           "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
1011             "ip.geoip.src_country": "United States",
1012             "ip.geoip.country": "United States",
1013             "ip.geoip.src_city": "Norwalk, CT",
1014             "ip.geoip.city": "Norwalk, CT",
1015             "ip.geoip.src_lat": "41.127102",
1016             "ip.geoip.lat": "41.127102",
1017             "ip.geoip.src_lon": "-73.441597",
1018             "ip.geoip.lon": "-73.441597"
1019           },
1020           "Destination GeoIP: Unknown": ""
1021         },
1022         "tcp": {
1023           "tcp.srcport": "443",
1024           "tcp.dstport": "44970",
1025           "tcp.port": "443",
1026           "tcp.port": "44970",
1027           "tcp.stream": "0",
1028           "tcp.len": "0",
1029           "tcp.seq": "1",
1030           "tcp.ack": "109",
1031           "tcp.hdr_len": "32",
1032           "tcp.flags": "0x00000010",
1033           "tcp.flags_tree": {
1034             "tcp.flags.res": "0",
1035             "tcp.flags.ns": "0",
1036             "tcp.flags.cwr": "0",
1037             "tcp.flags.ecn": "0",
1038             "tcp.flags.urg": "0",
1039             "tcp.flags.ack": "1",
1040             "tcp.flags.push": "0",
1041             "tcp.flags.reset": "0",
1042             "tcp.flags.syn": "0",
1043             "tcp.flags.fin": "0",
1044             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7A\u00b7\u00b7\u00b7\u00b7"
1045           },
1046           "tcp.window_size_value": "422",
1047           "tcp.window_size": "422",
1048           "tcp.window_size_scalefactor": "-1",
1049           "tcp.checksum": "0x0000f797",
1050           "tcp.checksum.status": "2",
1051           "tcp.urgent_pointer": "0",
1052           "tcp.options": "01:01:08:0a:a7:9a:fe:6b:00:24:b2:21",
1053           "tcp.options_tree": {
1054             "No-Operation (NOP)": {
1055               "tcp.options.type": "1",
1056               "tcp.options.type_tree": {
1057                 "tcp.options.type.copy": "0",
1058                 "tcp.options.type.class": "0",
1059                 "tcp.options.type.number": "1"
1060               }
1061             },
1062             "No-Operation (NOP)": {
1063               "tcp.options.type": "1",
1064               "tcp.options.type_tree": {
1065                 "tcp.options.type.copy": "0",
1066                 "tcp.options.type.class": "0",
1067                 "tcp.options.type.number": "1"
1068               }
1069             },
1070             "Timestamps: TSval 2811952747, TSecr 2404897": {
1071               "tcp.option_kind": "8",
1072               "tcp.option_len": "10",
1073               "tcp.options.timestamp.tsval": "2811952747",
1074               "tcp.options.timestamp.tsecr": "2404897"
1075             }
1076           },
1077           "tcp.analysis": {
1078             "tcp.analysis.acks_frame": "7",
1079             "tcp.analysis.ack_rtt": "0.060116000"
1080           }
1081         }
1082       }
1083     }
1084   }
1085
1086   ,
1087   {
1088     "_index": "packets-2017-11-01",
1089     "_type": "pcap_file",
1090     "_score": null,
1091     "_source": {
1092       "layers": {
1093         "frame": {
1094           "frame.encap_type": "1",
1095           "frame.time": "Oct 31, 2017 16:46:35.983656000 PDT",
1096           "frame.offset_shift": "0.000000000",
1097           "frame.time_epoch": "1509493595.983656000",
1098           "frame.time_delta": "1.364005000",
1099           "frame.time_delta_displayed": "1.364005000",
1100           "frame.time_relative": "4.522970000",
1101           "frame.number": "10",
1102           "frame.len": "86",
1103           "frame.cap_len": "86",
1104           "frame.marked": "0",
1105           "frame.ignored": "0",
1106           "frame.protocols": "eth:ethertype:ip:udp:data"
1107         },
1108         "eth": {
1109           "eth.dst": "ff:ff:ff:ff:ff:ff",
1110           "eth.dst_tree": {
1111             "eth.dst_resolved": "Broadcast",
1112             "eth.addr": "ff:ff:ff:ff:ff:ff",
1113             "eth.addr_resolved": "Broadcast",
1114             "eth.lg": "1",
1115             "eth.ig": "1"
1116           },
1117           "eth.src": "60:57:18:8e:aa:94",
1118           "eth.src_tree": {
1119             "eth.src_resolved": "IntelCor_8e:aa:94",
1120             "eth.addr": "60:57:18:8e:aa:94",
1121             "eth.addr_resolved": "IntelCor_8e:aa:94",
1122             "eth.lg": "0",
1123             "eth.ig": "0"
1124           },
1125           "eth.type": "0x00000800"
1126         },
1127         "ip": {
1128           "ip.version": "4",
1129           "ip.hdr_len": "20",
1130           "ip.dsfield": "0x00000000",
1131           "ip.dsfield_tree": {
1132             "ip.dsfield.dscp": "0",
1133             "ip.dsfield.ecn": "0"
1134           },
1135           "ip.len": "72",
1136           "ip.id": "0x00005ab2",
1137           "ip.flags": "0x00000000",
1138           "ip.flags_tree": {
1139             "ip.flags.rb": "0",
1140             "ip.flags.df": "0",
1141             "ip.flags.mf": "0"
1142           },
1143           "ip.frag_offset": "0",
1144           "ip.ttl": "128",
1145           "ip.proto": "17",
1146           "ip.checksum": "0x00005d37",
1147           "ip.checksum.status": "2",
1148           "ip.src": "192.168.0.108",
1149           "ip.addr": "192.168.0.108",
1150           "ip.src_host": "192.168.0.108",
1151           "ip.host": "192.168.0.108",
1152           "ip.dst": "192.168.0.255",
1153           "ip.addr": "192.168.0.255",
1154           "ip.dst_host": "192.168.0.255",
1155           "ip.host": "192.168.0.255",
1156           "Source GeoIP: Unknown": "",
1157           "Destination GeoIP: Unknown": ""
1158         },
1159         "udp": {
1160           "udp.srcport": "57621",
1161           "udp.dstport": "57621",
1162           "udp.port": "57621",
1163           "udp.port": "57621",
1164           "udp.length": "52",
1165           "udp.checksum": "0x0000199e",
1166           "udp.checksum.status": "2",
1167           "udp.stream": "1"
1168         },
1169         "data": {
1170           "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30",
1171           "data.len": "44"
1172         }
1173       }
1174     }
1175   }
1176
1177   ,
1178   {
1179     "_index": "packets-2017-11-01",
1180     "_type": "pcap_file",
1181     "_score": null,
1182     "_source": {
1183       "layers": {
1184         "frame": {
1185           "frame.encap_type": "1",
1186           "frame.time": "Oct 31, 2017 16:46:40.218247000 PDT",
1187           "frame.offset_shift": "0.000000000",
1188           "frame.time_epoch": "1509493600.218247000",
1189           "frame.time_delta": "4.234591000",
1190           "frame.time_delta_displayed": "4.234591000",
1191           "frame.time_relative": "8.757561000",
1192           "frame.number": "11",
1193           "frame.len": "130",
1194           "frame.cap_len": "130",
1195           "frame.marked": "0",
1196           "frame.ignored": "0",
1197           "frame.protocols": "eth:ethertype:ip:udp:data"
1198         },
1199         "eth": {
1200           "eth.dst": "ff:ff:ff:ff:ff:ff",
1201           "eth.dst_tree": {
1202             "eth.dst_resolved": "Broadcast",
1203             "eth.addr": "ff:ff:ff:ff:ff:ff",
1204             "eth.addr_resolved": "Broadcast",
1205             "eth.lg": "1",
1206             "eth.ig": "1"
1207           },
1208           "eth.src": "d0:73:d5:02:41:da",
1209           "eth.src_tree": {
1210             "eth.src_resolved": "LifiLabs_02:41:da",
1211             "eth.addr": "d0:73:d5:02:41:da",
1212             "eth.addr_resolved": "LifiLabs_02:41:da",
1213             "eth.lg": "0",
1214             "eth.ig": "0"
1215           },
1216           "eth.type": "0x00000800"
1217         },
1218         "ip": {
1219           "ip.version": "4",
1220           "ip.hdr_len": "20",
1221           "ip.dsfield": "0x00000000",
1222           "ip.dsfield_tree": {
1223             "ip.dsfield.dscp": "0",
1224             "ip.dsfield.ecn": "0"
1225           },
1226           "ip.len": "116",
1227           "ip.id": "0x00000a7c",
1228           "ip.flags": "0x00000002",
1229           "ip.flags_tree": {
1230             "ip.flags.rb": "0",
1231             "ip.flags.df": "1",
1232             "ip.flags.mf": "0"
1233           },
1234           "ip.frag_offset": "0",
1235           "ip.ttl": "255",
1236           "ip.proto": "17",
1237           "ip.checksum": "0x0000ee14",
1238           "ip.checksum.status": "2",
1239           "ip.src": "192.168.0.152",
1240           "ip.addr": "192.168.0.152",
1241           "ip.src_host": "192.168.0.152",
1242           "ip.host": "192.168.0.152",
1243           "ip.dst": "192.168.0.255",
1244           "ip.addr": "192.168.0.255",
1245           "ip.dst_host": "192.168.0.255",
1246           "ip.host": "192.168.0.255",
1247           "Source GeoIP: Unknown": "",
1248           "Destination GeoIP: Unknown": ""
1249         },
1250         "udp": {
1251           "udp.srcport": "56700",
1252           "udp.dstport": "56700",
1253           "udp.port": "56700",
1254           "udp.port": "56700",
1255           "udp.length": "96",
1256           "udp.checksum": "0x0000af75",
1257           "udp.checksum.status": "2",
1258           "udp.stream": "2"
1259         },
1260         "data": {
1261           "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:01:79:55:6e:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
1262           "data.len": "88"
1263         }
1264       }
1265     }
1266   }
1267
1268   ,
1269   {
1270     "_index": "packets-2017-11-01",
1271     "_type": "pcap_file",
1272     "_score": null,
1273     "_source": {
1274       "layers": {
1275         "frame": {
1276           "frame.encap_type": "1",
1277           "frame.time": "Oct 31, 2017 16:46:53.696454000 PDT",
1278           "frame.offset_shift": "0.000000000",
1279           "frame.time_epoch": "1509493613.696454000",
1280           "frame.time_delta": "13.478207000",
1281           "frame.time_delta_displayed": "13.478207000",
1282           "frame.time_relative": "22.235768000",
1283           "frame.number": "12",
1284           "frame.len": "42",
1285           "frame.cap_len": "42",
1286           "frame.marked": "0",
1287           "frame.ignored": "0",
1288           "frame.protocols": "eth:ethertype:arp"
1289         },
1290         "eth": {
1291           "eth.dst": "ff:ff:ff:ff:ff:ff",
1292           "eth.dst_tree": {
1293             "eth.dst_resolved": "Broadcast",
1294             "eth.addr": "ff:ff:ff:ff:ff:ff",
1295             "eth.addr_resolved": "Broadcast",
1296             "eth.lg": "1",
1297             "eth.ig": "1"
1298           },
1299           "eth.src": "50:c7:bf:59:d5:84",
1300           "eth.src_tree": {
1301             "eth.src_resolved": "Tp-LinkT_59:d5:84",
1302             "eth.addr": "50:c7:bf:59:d5:84",
1303             "eth.addr_resolved": "Tp-LinkT_59:d5:84",
1304             "eth.lg": "0",
1305             "eth.ig": "0"
1306           },
1307           "eth.type": "0x00000806"
1308         },
1309         "arp": {
1310           "arp.hw.type": "1",
1311           "arp.proto.type": "0x00000800",
1312           "arp.hw.size": "6",
1313           "arp.proto.size": "4",
1314           "arp.opcode": "1",
1315           "arp.src.hw_mac": "50:c7:bf:59:d5:84",
1316           "arp.src.proto_ipv4": "192.168.0.221",
1317           "arp.dst.hw_mac": "00:00:00:00:00:00",
1318           "arp.dst.proto_ipv4": "192.168.0.1"
1319         }
1320       }
1321     }
1322   }
1323
1324   ,
1325   {
1326     "_index": "packets-2017-11-01",
1327     "_type": "pcap_file",
1328     "_score": null,
1329     "_source": {
1330       "layers": {
1331         "frame": {
1332           "frame.encap_type": "1",
1333           "frame.time": "Oct 31, 2017 16:46:54.771721000 PDT",
1334           "frame.offset_shift": "0.000000000",
1335           "frame.time_epoch": "1509493614.771721000",
1336           "frame.time_delta": "1.075267000",
1337           "frame.time_delta_displayed": "1.075267000",
1338           "frame.time_relative": "23.311035000",
1339           "frame.number": "13",
1340           "frame.len": "54",
1341           "frame.cap_len": "54",
1342           "frame.marked": "0",
1343           "frame.ignored": "0",
1344           "frame.protocols": "eth:ethertype:ip:igmp:igmp"
1345         },
1346         "eth": {
1347           "eth.dst": "01:00:5e:00:00:16",
1348           "eth.dst_tree": {
1349             "eth.dst_resolved": "IPv4mcast_16",
1350             "eth.addr": "01:00:5e:00:00:16",
1351             "eth.addr_resolved": "IPv4mcast_16",
1352             "eth.lg": "0",
1353             "eth.ig": "1"
1354           },
1355           "eth.src": "64:bc:0c:43:3f:40",
1356           "eth.src_tree": {
1357             "eth.src_resolved": "LgElectr_43:3f:40",
1358             "eth.addr": "64:bc:0c:43:3f:40",
1359             "eth.addr_resolved": "LgElectr_43:3f:40",
1360             "eth.lg": "0",
1361             "eth.ig": "0"
1362           },
1363           "eth.type": "0x00000800"
1364         },
1365         "ip": {
1366           "ip.version": "4",
1367           "ip.hdr_len": "24",
1368           "ip.dsfield": "0x000000c0",
1369           "ip.dsfield_tree": {
1370             "ip.dsfield.dscp": "48",
1371             "ip.dsfield.ecn": "0"
1372           },
1373           "ip.len": "40",
1374           "ip.id": "0x00000000",
1375           "ip.flags": "0x00000002",
1376           "ip.flags_tree": {
1377             "ip.flags.rb": "0",
1378             "ip.flags.df": "1",
1379             "ip.flags.mf": "0"
1380           },
1381           "ip.frag_offset": "0",
1382           "ip.ttl": "1",
1383           "ip.proto": "2",
1384           "ip.checksum": "0x000042dc",
1385           "ip.checksum.status": "2",
1386           "ip.src": "192.168.0.117",
1387           "ip.addr": "192.168.0.117",
1388           "ip.src_host": "192.168.0.117",
1389           "ip.host": "192.168.0.117",
1390           "ip.dst": "224.0.0.22",
1391           "ip.addr": "224.0.0.22",
1392           "ip.dst_host": "224.0.0.22",
1393           "ip.host": "224.0.0.22",
1394           "Source GeoIP: Unknown": "",
1395           "Destination GeoIP: Unknown": "",
1396           "Options: (4 bytes), Router Alert": {
1397             "Router Alert (4 bytes): Router shall examine packet (0)": {
1398               "ip.opt.type": "148",
1399               "ip.opt.type_tree": {
1400                 "ip.opt.type.copy": "1",
1401                 "ip.opt.type.class": "0",
1402                 "ip.opt.type.number": "20"
1403               },
1404               "ip.opt.len": "4",
1405               "ip.opt.ra": "0"
1406             }
1407           }
1408         },
1409         "igmp": {
1410           "igmp.version": "3",
1411           "igmp.type": "0x00000022",
1412           "igmp.reserved": "00",
1413           "igmp.checksum": "0x0000fa02",
1414           "igmp.checksum.status": "1",
1415           "igmp.reserved": "00:00",
1416           "igmp.num_grp_recs": "1",
1417           "Group Record : 224.0.0.251  Change To Include Mode": {
1418             "igmp.record_type": "3",
1419             "igmp.aux_data_len": "0",
1420             "igmp.num_src": "0",
1421             "igmp.maddr": "224.0.0.251"
1422           }
1423         }
1424       }
1425     }
1426   }
1427
1428   ,
1429   {
1430     "_index": "packets-2017-11-01",
1431     "_type": "pcap_file",
1432     "_score": null,
1433     "_source": {
1434       "layers": {
1435         "frame": {
1436           "frame.encap_type": "1",
1437           "frame.time": "Oct 31, 2017 16:46:55.758033000 PDT",
1438           "frame.offset_shift": "0.000000000",
1439           "frame.time_epoch": "1509493615.758033000",
1440           "frame.time_delta": "0.986312000",
1441           "frame.time_delta_displayed": "0.986312000",
1442           "frame.time_relative": "24.297347000",
1443           "frame.number": "14",
1444           "frame.len": "20",
1445           "frame.cap_len": "20",
1446           "frame.marked": "0",
1447           "frame.ignored": "0",
1448           "frame.protocols": "eth:llc"
1449         },
1450         "eth": {
1451           "eth.dst": "ff:ff:ff:ff:ff:ff",
1452           "eth.dst_tree": {
1453             "eth.dst_resolved": "Broadcast",
1454             "eth.addr": "ff:ff:ff:ff:ff:ff",
1455             "eth.addr_resolved": "Broadcast",
1456             "eth.lg": "1",
1457             "eth.ig": "1"
1458           },
1459           "eth.src": "ac:cf:23:5a:9c:e2",
1460           "eth.src_tree": {
1461             "eth.src_resolved": "Hi-Flyin_5a:9c:e2",
1462             "eth.addr": "ac:cf:23:5a:9c:e2",
1463             "eth.addr_resolved": "Hi-Flyin_5a:9c:e2",
1464             "eth.lg": "0",
1465             "eth.ig": "0"
1466           },
1467           "eth.len": "6"
1468         },
1469         "llc": {
1470           "llc.dsap": "0x00000000",
1471           "llc.dsap_tree": {
1472             "llc.dsap.sap": "0",
1473             "llc.dsap.ig": "0"
1474           },
1475           "llc.ssap": "0x00000001",
1476           "llc.ssap_tree": {
1477             "llc.ssap.sap": "0",
1478             "llc.ssap.cr": "1"
1479           },
1480           "llc.control": "0x000000af",
1481           "llc.control_tree": {
1482             "llc.control.u_modifier_resp": "0x0000002b",
1483             "llc.control.ftype": "0x00000003"
1484           }
1485         },
1486         "basicxid": {
1487           "basicxid.llc.xid.format": "0x00000081",
1488           "basicxid.llc.xid.types": "0x00000001",
1489           "basicxid.llc.xid.wsize": "0"
1490         }
1491       }
1492     }
1493   }
1494
1495   ,
1496   {
1497     "_index": "packets-2017-11-01",
1498     "_type": "pcap_file",
1499     "_score": null,
1500     "_source": {
1501       "layers": {
1502         "frame": {
1503           "frame.encap_type": "1",
1504           "frame.time": "Oct 31, 2017 16:46:56.017456000 PDT",
1505           "frame.offset_shift": "0.000000000",
1506           "frame.time_epoch": "1509493616.017456000",
1507           "frame.time_delta": "0.259423000",
1508           "frame.time_delta_displayed": "0.259423000",
1509           "frame.time_relative": "24.556770000",
1510           "frame.number": "15",
1511           "frame.len": "350",
1512           "frame.cap_len": "350",
1513           "frame.marked": "0",
1514           "frame.ignored": "0",
1515           "frame.protocols": "eth:ethertype:ip:udp:bootp"
1516         },
1517         "eth": {
1518           "eth.dst": "ff:ff:ff:ff:ff:ff",
1519           "eth.dst_tree": {
1520             "eth.dst_resolved": "Broadcast",
1521             "eth.addr": "ff:ff:ff:ff:ff:ff",
1522             "eth.addr_resolved": "Broadcast",
1523             "eth.lg": "1",
1524             "eth.ig": "1"
1525           },
1526           "eth.src": "ac:cf:23:5a:9c:e2",
1527           "eth.src_tree": {
1528             "eth.src_resolved": "Hi-Flyin_5a:9c:e2",
1529             "eth.addr": "ac:cf:23:5a:9c:e2",
1530             "eth.addr_resolved": "Hi-Flyin_5a:9c:e2",
1531             "eth.lg": "0",
1532             "eth.ig": "0"
1533           },
1534           "eth.type": "0x00000800"
1535         },
1536         "ip": {
1537           "ip.version": "4",
1538           "ip.hdr_len": "20",
1539           "ip.dsfield": "0x00000000",
1540           "ip.dsfield_tree": {
1541             "ip.dsfield.dscp": "0",
1542             "ip.dsfield.ecn": "0"
1543           },
1544           "ip.len": "336",
1545           "ip.id": "0x00000000",
1546           "ip.flags": "0x00000000",
1547           "ip.flags_tree": {
1548             "ip.flags.rb": "0",
1549             "ip.flags.df": "0",
1550             "ip.flags.mf": "0"
1551           },
1552           "ip.frag_offset": "0",
1553           "ip.ttl": "255",
1554           "ip.proto": "17",
1555           "ip.checksum": "0x0000ba9d",
1556           "ip.checksum.status": "2",
1557           "ip.src": "0.0.0.0",
1558           "ip.addr": "0.0.0.0",
1559           "ip.src_host": "0.0.0.0",
1560           "ip.host": "0.0.0.0",
1561           "ip.dst": "255.255.255.255",
1562           "ip.addr": "255.255.255.255",
1563           "ip.dst_host": "255.255.255.255",
1564           "ip.host": "255.255.255.255",
1565           "Source GeoIP: Unknown": "",
1566           "Destination GeoIP: Unknown": ""
1567         },
1568         "udp": {
1569           "udp.srcport": "68",
1570           "udp.dstport": "67",
1571           "udp.port": "68",
1572           "udp.port": "67",
1573           "udp.length": "316",
1574           "udp.checksum": "0x00004f9e",
1575           "udp.checksum.status": "2",
1576           "udp.stream": "3"
1577         },
1578         "bootp": {
1579           "bootp.type": "1",
1580           "bootp.hw.type": "0x00000001",
1581           "bootp.hw.len": "6",
1582           "bootp.hops": "0",
1583           "bootp.id": "0xabcd0001",
1584           "bootp.secs": "0",
1585           "bootp.flags": "0x00000000",
1586           "bootp.flags_tree": {
1587             "bootp.flags.bc": "0",
1588             "bootp.flags.reserved": "0x00000000"
1589           },
1590           "bootp.ip.client": "0.0.0.0",
1591           "bootp.ip.your": "0.0.0.0",
1592           "bootp.ip.server": "0.0.0.0",
1593           "bootp.ip.relay": "0.0.0.0",
1594           "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2",
1595           "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00",
1596           "bootp.server": "",
1597           "bootp.file": "",
1598           "bootp.dhcp": "1",
1599           "bootp.cookie": "99.130.83.99",
1600           "bootp.option.type": "53",
1601           "bootp.option.type_tree": {
1602             "bootp.option.length": "1",
1603             "bootp.option.value": "01",
1604             "bootp.option.dhcp": "1"
1605           },
1606           "bootp.option.type": "12",
1607           "bootp.option.type_tree": {
1608             "bootp.option.length": "14",
1609             "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32",
1610             "bootp.option.hostname": "USR-WIFI232-G2"
1611           },
1612           "bootp.option.type": "57",
1613           "bootp.option.type_tree": {
1614             "bootp.option.length": "2",
1615             "bootp.option.value": "05:dc",
1616             "bootp.option.dhcp_max_message_size": "1500"
1617           },
1618           "bootp.option.type": "55",
1619           "bootp.option.type_tree": {
1620             "bootp.option.length": "4",
1621             "bootp.option.value": "01:03:1c:06",
1622             "bootp.option.request_list_item": "1",
1623             "bootp.option.request_list_item": "3",
1624             "bootp.option.request_list_item": "28",
1625             "bootp.option.request_list_item": "6"
1626           },
1627           "bootp.option.type": "0",
1628           "bootp.option.type_tree": {
1629             "bootp.option.end": "255"
1630           },
1631           "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
1632         }
1633       }
1634     }
1635   }
1636
1637   ,
1638   {
1639     "_index": "packets-2017-11-01",
1640     "_type": "pcap_file",
1641     "_score": null,
1642     "_source": {
1643       "layers": {
1644         "frame": {
1645           "frame.encap_type": "1",
1646           "frame.time": "Oct 31, 2017 16:46:56.033832000 PDT",
1647           "frame.offset_shift": "0.000000000",
1648           "frame.time_epoch": "1509493616.033832000",
1649           "frame.time_delta": "0.016376000",
1650           "frame.time_delta_displayed": "0.016376000",
1651           "frame.time_relative": "24.573146000",
1652           "frame.number": "16",
1653           "frame.len": "350",
1654           "frame.cap_len": "350",
1655           "frame.marked": "0",
1656           "frame.ignored": "0",
1657           "frame.protocols": "eth:ethertype:ip:udp:bootp"
1658         },
1659         "eth": {
1660           "eth.dst": "ff:ff:ff:ff:ff:ff",
1661           "eth.dst_tree": {
1662             "eth.dst_resolved": "Broadcast",
1663             "eth.addr": "ff:ff:ff:ff:ff:ff",
1664             "eth.addr_resolved": "Broadcast",
1665             "eth.lg": "1",
1666             "eth.ig": "1"
1667           },
1668           "eth.src": "ac:cf:23:5a:9c:e2",
1669           "eth.src_tree": {
1670             "eth.src_resolved": "Hi-Flyin_5a:9c:e2",
1671             "eth.addr": "ac:cf:23:5a:9c:e2",
1672             "eth.addr_resolved": "Hi-Flyin_5a:9c:e2",
1673             "eth.lg": "0",
1674             "eth.ig": "0"
1675           },
1676           "eth.type": "0x00000800"
1677         },
1678         "ip": {
1679           "ip.version": "4",
1680           "ip.hdr_len": "20",
1681           "ip.dsfield": "0x00000000",
1682           "ip.dsfield_tree": {
1683             "ip.dsfield.dscp": "0",
1684             "ip.dsfield.ecn": "0"
1685           },
1686           "ip.len": "336",
1687           "ip.id": "0x00000001",
1688           "ip.flags": "0x00000000",
1689           "ip.flags_tree": {
1690             "ip.flags.rb": "0",
1691             "ip.flags.df": "0",
1692             "ip.flags.mf": "0"
1693           },
1694           "ip.frag_offset": "0",
1695           "ip.ttl": "255",
1696           "ip.proto": "17",
1697           "ip.checksum": "0x0000ba9c",
1698           "ip.checksum.status": "2",
1699           "ip.src": "0.0.0.0",
1700           "ip.addr": "0.0.0.0",
1701           "ip.src_host": "0.0.0.0",
1702           "ip.host": "0.0.0.0",
1703           "ip.dst": "255.255.255.255",
1704           "ip.addr": "255.255.255.255",
1705           "ip.dst_host": "255.255.255.255",
1706           "ip.host": "255.255.255.255",
1707           "Source GeoIP: Unknown": "",
1708           "Destination GeoIP: Unknown": ""
1709         },
1710         "udp": {
1711           "udp.srcport": "68",
1712           "udp.dstport": "67",
1713           "udp.port": "68",
1714           "udp.port": "67",
1715           "udp.length": "316",
1716           "udp.checksum": "0x000080b3",
1717           "udp.checksum.status": "2",
1718           "udp.stream": "3"
1719         },
1720         "bootp": {
1721           "bootp.type": "1",
1722           "bootp.hw.type": "0x00000001",
1723           "bootp.hw.len": "6",
1724           "bootp.hops": "0",
1725           "bootp.id": "0xabcd0002",
1726           "bootp.secs": "0",
1727           "bootp.flags": "0x00000000",
1728           "bootp.flags_tree": {
1729             "bootp.flags.bc": "0",
1730             "bootp.flags.reserved": "0x00000000"
1731           },
1732           "bootp.ip.client": "0.0.0.0",
1733           "bootp.ip.your": "0.0.0.0",
1734           "bootp.ip.server": "0.0.0.0",
1735           "bootp.ip.relay": "0.0.0.0",
1736           "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2",
1737           "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00",
1738           "bootp.server": "",
1739           "bootp.file": "",
1740           "bootp.dhcp": "1",
1741           "bootp.cookie": "99.130.83.99",
1742           "bootp.option.type": "53",
1743           "bootp.option.type_tree": {
1744             "bootp.option.length": "1",
1745             "bootp.option.value": "03",
1746             "bootp.option.dhcp": "3"
1747           },
1748           "bootp.option.type": "12",
1749           "bootp.option.type_tree": {
1750             "bootp.option.length": "14",
1751             "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32",
1752             "bootp.option.hostname": "USR-WIFI232-G2"
1753           },
1754           "bootp.option.type": "57",
1755           "bootp.option.type_tree": {
1756             "bootp.option.length": "2",
1757             "bootp.option.value": "05:dc",
1758             "bootp.option.dhcp_max_message_size": "1500"
1759           },
1760           "bootp.option.type": "50",
1761           "bootp.option.type_tree": {
1762             "bootp.option.length": "4",
1763             "bootp.option.value": "c0:a8:00:72",
1764             "bootp.option.requested_ip_address": "192.168.0.114"
1765           },
1766           "bootp.option.type": "54",
1767           "bootp.option.type_tree": {
1768             "bootp.option.length": "4",
1769             "bootp.option.value": "c0:a8:00:01",
1770             "bootp.option.dhcp_server_id": "192.168.0.1"
1771           },
1772           "bootp.option.type": "55",
1773           "bootp.option.type_tree": {
1774             "bootp.option.length": "4",
1775             "bootp.option.value": "01:03:1c:06",
1776             "bootp.option.request_list_item": "1",
1777             "bootp.option.request_list_item": "3",
1778             "bootp.option.request_list_item": "28",
1779             "bootp.option.request_list_item": "6"
1780           },
1781           "bootp.option.type": "0",
1782           "bootp.option.type_tree": {
1783             "bootp.option.end": "255"
1784           },
1785           "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
1786         }
1787       }
1788     }
1789   }
1790
1791   ,
1792   {
1793     "_index": "packets-2017-11-01",
1794     "_type": "pcap_file",
1795     "_score": null,
1796     "_source": {
1797       "layers": {
1798         "frame": {
1799           "frame.encap_type": "1",
1800           "frame.time": "Oct 31, 2017 16:46:56.048621000 PDT",
1801           "frame.offset_shift": "0.000000000",
1802           "frame.time_epoch": "1509493616.048621000",
1803           "frame.time_delta": "0.014789000",
1804           "frame.time_delta_displayed": "0.014789000",
1805           "frame.time_relative": "24.587935000",
1806           "frame.number": "17",
1807           "frame.len": "42",
1808           "frame.cap_len": "42",
1809           "frame.marked": "0",
1810           "frame.ignored": "0",
1811           "frame.protocols": "eth:ethertype:arp"
1812         },
1813         "eth": {
1814           "eth.dst": "ff:ff:ff:ff:ff:ff",
1815           "eth.dst_tree": {
1816             "eth.dst_resolved": "Broadcast",
1817             "eth.addr": "ff:ff:ff:ff:ff:ff",
1818             "eth.addr_resolved": "Broadcast",
1819             "eth.lg": "1",
1820             "eth.ig": "1"
1821           },
1822           "eth.src": "ac:cf:23:5a:9c:e2",
1823           "eth.src_tree": {
1824             "eth.src_resolved": "Hi-Flyin_5a:9c:e2",
1825             "eth.addr": "ac:cf:23:5a:9c:e2",
1826             "eth.addr_resolved": "Hi-Flyin_5a:9c:e2",
1827             "eth.lg": "0",
1828             "eth.ig": "0"
1829           },
1830           "eth.type": "0x00000806"
1831         },
1832         "arp": {
1833           "arp.hw.type": "1",
1834           "arp.proto.type": "0x00000800",
1835           "arp.hw.size": "6",
1836           "arp.proto.size": "4",
1837           "arp.opcode": "1",
1838           "arp.src.hw_mac": "ac:cf:23:5a:9c:e2",
1839           "arp.src.proto_ipv4": "0.0.0.0",
1840           "arp.dst.hw_mac": "00:00:00:00:00:00",
1841           "arp.dst.proto_ipv4": "192.168.0.114"
1842         }
1843       }
1844     }
1845   }
1846
1847   ,
1848   {
1849     "_index": "packets-2017-11-01",
1850     "_type": "pcap_file",
1851     "_score": null,
1852     "_source": {
1853       "layers": {
1854         "frame": {
1855           "frame.encap_type": "1",
1856           "frame.time": "Oct 31, 2017 16:46:56.132571000 PDT",
1857           "frame.offset_shift": "0.000000000",
1858           "frame.time_epoch": "1509493616.132571000",
1859           "frame.time_delta": "0.083950000",
1860           "frame.time_delta_displayed": "0.083950000",
1861           "frame.time_relative": "24.671885000",
1862           "frame.number": "18",
1863           "frame.len": "42",
1864           "frame.cap_len": "42",
1865           "frame.marked": "0",
1866           "frame.ignored": "0",
1867           "frame.protocols": "eth:ethertype:arp"
1868         },
1869         "eth": {
1870           "eth.dst": "ff:ff:ff:ff:ff:ff",
1871           "eth.dst_tree": {
1872             "eth.dst_resolved": "Broadcast",
1873             "eth.addr": "ff:ff:ff:ff:ff:ff",
1874             "eth.addr_resolved": "Broadcast",
1875             "eth.lg": "1",
1876             "eth.ig": "1"
1877           },
1878           "eth.src": "ac:cf:23:5a:9c:e2",
1879           "eth.src_tree": {
1880             "eth.src_resolved": "Hi-Flyin_5a:9c:e2",
1881             "eth.addr": "ac:cf:23:5a:9c:e2",
1882             "eth.addr_resolved": "Hi-Flyin_5a:9c:e2",
1883             "eth.lg": "0",
1884             "eth.ig": "0"
1885           },
1886           "eth.type": "0x00000806"
1887         },
1888         "arp": {
1889           "arp.hw.type": "1",
1890           "arp.proto.type": "0x00000800",
1891           "arp.hw.size": "6",
1892           "arp.proto.size": "4",
1893           "arp.opcode": "1",
1894           "arp.src.hw_mac": "ac:cf:23:5a:9c:e2",
1895           "arp.src.proto_ipv4": "0.0.0.0",
1896           "arp.dst.hw_mac": "00:00:00:00:00:00",
1897           "arp.dst.proto_ipv4": "192.168.0.114"
1898         }
1899       }
1900     }
1901   }
1902
1903   ,
1904   {
1905     "_index": "packets-2017-11-01",
1906     "_type": "pcap_file",
1907     "_score": null,
1908     "_source": {
1909       "layers": {
1910         "frame": {
1911           "frame.encap_type": "1",
1912           "frame.time": "Oct 31, 2017 16:46:58.485460000 PDT",
1913           "frame.offset_shift": "0.000000000",
1914           "frame.time_epoch": "1509493618.485460000",
1915           "frame.time_delta": "2.352889000",
1916           "frame.time_delta_displayed": "2.352889000",
1917           "frame.time_relative": "27.024774000",
1918           "frame.number": "19",
1919           "frame.len": "90",
1920           "frame.cap_len": "90",
1921           "frame.marked": "0",
1922           "frame.ignored": "0",
1923           "frame.protocols": "eth:ethertype:ip:udp:ntp"
1924         },
1925         "eth": {
1926           "eth.dst": "b0:b9:8a:73:69:8e",
1927           "eth.dst_tree": {
1928             "eth.dst_resolved": "Netgear_73:69:8e",
1929             "eth.addr": "b0:b9:8a:73:69:8e",
1930             "eth.addr_resolved": "Netgear_73:69:8e",
1931             "eth.lg": "0",
1932             "eth.ig": "0"
1933           },
1934           "eth.src": "00:17:88:69:ee:e4",
1935           "eth.src_tree": {
1936             "eth.src_resolved": "PhilipsL_69:ee:e4",
1937             "eth.addr": "00:17:88:69:ee:e4",
1938             "eth.addr_resolved": "PhilipsL_69:ee:e4",
1939             "eth.lg": "0",
1940             "eth.ig": "0"
1941           },
1942           "eth.type": "0x00000800"
1943         },
1944         "ip": {
1945           "ip.version": "4",
1946           "ip.hdr_len": "20",
1947           "ip.dsfield": "0x00000010",
1948           "ip.dsfield_tree": {
1949             "ip.dsfield.dscp": "4",
1950             "ip.dsfield.ecn": "0"
1951           },
1952           "ip.len": "76",
1953           "ip.id": "0x00004864",
1954           "ip.flags": "0x00000002",
1955           "ip.flags_tree": {
1956             "ip.flags.rb": "0",
1957             "ip.flags.df": "1",
1958             "ip.flags.mf": "0"
1959           },
1960           "ip.frag_offset": "0",
1961           "ip.ttl": "64",
1962           "ip.proto": "17",
1963           "ip.checksum": "0x0000106c",
1964           "ip.checksum.status": "2",
1965           "ip.src": "192.168.0.160",
1966           "ip.addr": "192.168.0.160",
1967           "ip.src_host": "192.168.0.160",
1968           "ip.host": "192.168.0.160",
1969           "ip.dst": "74.117.214.3",
1970           "ip.addr": "74.117.214.3",
1971           "ip.dst_host": "74.117.214.3",
1972           "ip.host": "74.117.214.3",
1973           "Source GeoIP: Unknown": "",
1974           "Destination GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": {
1975             "ip.geoip.dst_country": "United States",
1976             "ip.geoip.country": "United States",
1977             "ip.geoip.dst_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.",
1978             "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.",
1979             "ip.geoip.dst_city": "Pullman, WA",
1980             "ip.geoip.city": "Pullman, WA",
1981             "ip.geoip.dst_lat": "46.732201",
1982             "ip.geoip.lat": "46.732201",
1983             "ip.geoip.dst_lon": "-117.245598",
1984             "ip.geoip.lon": "-117.245598"
1985           }
1986         },
1987         "udp": {
1988           "udp.srcport": "34835",
1989           "udp.dstport": "123",
1990           "udp.port": "34835",
1991           "udp.port": "123",
1992           "udp.length": "56",
1993           "udp.checksum": "0x0000311c",
1994           "udp.checksum.status": "2",
1995           "udp.stream": "4"
1996         },
1997         "ntp": {
1998           "ntp.flags": "0x00000023",
1999           "ntp.flags_tree": {
2000             "ntp.flags.li": "0",
2001             "ntp.flags.vn": "4",
2002             "ntp.flags.mode": "3"
2003           },
2004           "ntp.stratum": "0",
2005           "ntp.ppoll": "0",
2006           "ntp.precision": "0",
2007           "ntp.rootdelay": "0",
2008           "ntp.rootdispersion": "0",
2009           "ntp.refid": "00:00:00:00",
2010           "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST",
2011           "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST",
2012           "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST",
2013           "ntp.xmt": "Jan  7, 2089 02:20:12.279176000 PST"
2014         }
2015       }
2016     }
2017   }
2018
2019   ,
2020   {
2021     "_index": "packets-2017-11-01",
2022     "_type": "pcap_file",
2023     "_score": null,
2024     "_source": {
2025       "layers": {
2026         "frame": {
2027           "frame.encap_type": "1",
2028           "frame.time": "Oct 31, 2017 16:46:58.525889000 PDT",
2029           "frame.offset_shift": "0.000000000",
2030           "frame.time_epoch": "1509493618.525889000",
2031           "frame.time_delta": "0.040429000",
2032           "frame.time_delta_displayed": "0.040429000",
2033           "frame.time_relative": "27.065203000",
2034           "frame.number": "20",
2035           "frame.len": "90",
2036           "frame.cap_len": "90",
2037           "frame.marked": "0",
2038           "frame.ignored": "0",
2039           "frame.protocols": "eth:ethertype:ip:udp:ntp"
2040         },
2041         "eth": {
2042           "eth.dst": "00:17:88:69:ee:e4",
2043           "eth.dst_tree": {
2044             "eth.dst_resolved": "PhilipsL_69:ee:e4",
2045             "eth.addr": "00:17:88:69:ee:e4",
2046             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2047             "eth.lg": "0",
2048             "eth.ig": "0"
2049           },
2050           "eth.src": "b0:b9:8a:73:69:8e",
2051           "eth.src_tree": {
2052             "eth.src_resolved": "Netgear_73:69:8e",
2053             "eth.addr": "b0:b9:8a:73:69:8e",
2054             "eth.addr_resolved": "Netgear_73:69:8e",
2055             "eth.lg": "0",
2056             "eth.ig": "0"
2057           },
2058           "eth.type": "0x00000800"
2059         },
2060         "ip": {
2061           "ip.version": "4",
2062           "ip.hdr_len": "20",
2063           "ip.dsfield": "0x00000000",
2064           "ip.dsfield_tree": {
2065             "ip.dsfield.dscp": "0",
2066             "ip.dsfield.ecn": "0"
2067           },
2068           "ip.len": "76",
2069           "ip.id": "0x0000c8eb",
2070           "ip.flags": "0x00000002",
2071           "ip.flags_tree": {
2072             "ip.flags.rb": "0",
2073             "ip.flags.df": "1",
2074             "ip.flags.mf": "0"
2075           },
2076           "ip.frag_offset": "0",
2077           "ip.ttl": "44",
2078           "ip.proto": "17",
2079           "ip.checksum": "0x0000a3f4",
2080           "ip.checksum.status": "2",
2081           "ip.src": "74.117.214.3",
2082           "ip.addr": "74.117.214.3",
2083           "ip.src_host": "74.117.214.3",
2084           "ip.host": "74.117.214.3",
2085           "ip.dst": "192.168.0.160",
2086           "ip.addr": "192.168.0.160",
2087           "ip.dst_host": "192.168.0.160",
2088           "ip.host": "192.168.0.160",
2089           "Source GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": {
2090             "ip.geoip.src_country": "United States",
2091             "ip.geoip.country": "United States",
2092             "ip.geoip.src_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.",
2093             "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.",
2094             "ip.geoip.src_city": "Pullman, WA",
2095             "ip.geoip.city": "Pullman, WA",
2096             "ip.geoip.src_lat": "46.732201",
2097             "ip.geoip.lat": "46.732201",
2098             "ip.geoip.src_lon": "-117.245598",
2099             "ip.geoip.lon": "-117.245598"
2100           },
2101           "Destination GeoIP: Unknown": ""
2102         },
2103         "udp": {
2104           "udp.srcport": "123",
2105           "udp.dstport": "34835",
2106           "udp.port": "123",
2107           "udp.port": "34835",
2108           "udp.length": "56",
2109           "udp.checksum": "0x000063c1",
2110           "udp.checksum.status": "2",
2111           "udp.stream": "4"
2112         },
2113         "ntp": {
2114           "ntp.flags": "0x00000024",
2115           "ntp.flags_tree": {
2116             "ntp.flags.li": "0",
2117             "ntp.flags.vn": "4",
2118             "ntp.flags.mode": "4"
2119           },
2120           "ntp.stratum": "1",
2121           "ntp.ppoll": "3",
2122           "ntp.precision": "-23",
2123           "ntp.rootdelay": "0",
2124           "ntp.rootdispersion": "0.001068115234375",
2125           "ntp.refid": "50:50:53:00",
2126           "ntp.reftime": "Oct 31, 2017 16:46:53.114475000 PDT",
2127           "ntp.org": "Jan  7, 2089 02:20:12.279176000 PST",
2128           "ntp.rec": "Oct 31, 2017 16:46:58.514446000 PDT",
2129           "ntp.xmt": "Oct 31, 2017 16:46:58.514477000 PDT"
2130         }
2131       }
2132     }
2133   }
2134
2135   ,
2136   {
2137     "_index": "packets-2017-11-01",
2138     "_type": "pcap_file",
2139     "_score": null,
2140     "_source": {
2141       "layers": {
2142         "frame": {
2143           "frame.encap_type": "1",
2144           "frame.time": "Oct 31, 2017 16:47:00.543661000 PDT",
2145           "frame.offset_shift": "0.000000000",
2146           "frame.time_epoch": "1509493620.543661000",
2147           "frame.time_delta": "2.017772000",
2148           "frame.time_delta_displayed": "2.017772000",
2149           "frame.time_relative": "29.082975000",
2150           "frame.number": "21",
2151           "frame.len": "115",
2152           "frame.cap_len": "115",
2153           "frame.marked": "0",
2154           "frame.ignored": "0",
2155           "frame.protocols": "eth:ethertype:ip:tcp:ssl"
2156         },
2157         "eth": {
2158           "eth.dst": "b0:b9:8a:73:69:8e",
2159           "eth.dst_tree": {
2160             "eth.dst_resolved": "Netgear_73:69:8e",
2161             "eth.addr": "b0:b9:8a:73:69:8e",
2162             "eth.addr_resolved": "Netgear_73:69:8e",
2163             "eth.lg": "0",
2164             "eth.ig": "0"
2165           },
2166           "eth.src": "d0:52:a8:a3:60:0f",
2167           "eth.src_tree": {
2168             "eth.src_resolved": "Physical_a3:60:0f",
2169             "eth.addr": "d0:52:a8:a3:60:0f",
2170             "eth.addr_resolved": "Physical_a3:60:0f",
2171             "eth.lg": "0",
2172             "eth.ig": "0"
2173           },
2174           "eth.type": "0x00000800"
2175         },
2176         "ip": {
2177           "ip.version": "4",
2178           "ip.hdr_len": "20",
2179           "ip.dsfield": "0x00000000",
2180           "ip.dsfield_tree": {
2181             "ip.dsfield.dscp": "0",
2182             "ip.dsfield.ecn": "0"
2183           },
2184           "ip.len": "101",
2185           "ip.id": "0x000094ea",
2186           "ip.flags": "0x00000002",
2187           "ip.flags_tree": {
2188             "ip.flags.rb": "0",
2189             "ip.flags.df": "1",
2190             "ip.flags.mf": "0"
2191           },
2192           "ip.frag_offset": "0",
2193           "ip.ttl": "64",
2194           "ip.proto": "6",
2195           "ip.checksum": "0x00007864",
2196           "ip.checksum.status": "2",
2197           "ip.src": "192.168.0.242",
2198           "ip.addr": "192.168.0.242",
2199           "ip.src_host": "192.168.0.242",
2200           "ip.host": "192.168.0.242",
2201           "ip.dst": "13.59.94.111",
2202           "ip.addr": "13.59.94.111",
2203           "ip.dst_host": "13.59.94.111",
2204           "ip.host": "13.59.94.111",
2205           "Source GeoIP: Unknown": "",
2206           "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
2207             "ip.geoip.dst_country": "United States",
2208             "ip.geoip.country": "United States",
2209             "ip.geoip.dst_city": "Norwalk, CT",
2210             "ip.geoip.city": "Norwalk, CT",
2211             "ip.geoip.dst_lat": "41.127102",
2212             "ip.geoip.lat": "41.127102",
2213             "ip.geoip.dst_lon": "-73.441597",
2214             "ip.geoip.lon": "-73.441597"
2215           }
2216         },
2217         "tcp": {
2218           "tcp.srcport": "44970",
2219           "tcp.dstport": "443",
2220           "tcp.port": "44970",
2221           "tcp.port": "443",
2222           "tcp.stream": "0",
2223           "tcp.len": "49",
2224           "tcp.seq": "109",
2225           "tcp.nxtseq": "158",
2226           "tcp.ack": "1",
2227           "tcp.hdr_len": "32",
2228           "tcp.flags": "0x00000018",
2229           "tcp.flags_tree": {
2230             "tcp.flags.res": "0",
2231             "tcp.flags.ns": "0",
2232             "tcp.flags.cwr": "0",
2233             "tcp.flags.ecn": "0",
2234             "tcp.flags.urg": "0",
2235             "tcp.flags.ack": "1",
2236             "tcp.flags.push": "1",
2237             "tcp.flags.reset": "0",
2238             "tcp.flags.syn": "0",
2239             "tcp.flags.fin": "0",
2240             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7AP\u00b7\u00b7\u00b7"
2241           },
2242           "tcp.window_size_value": "661",
2243           "tcp.window_size": "661",
2244           "tcp.window_size_scalefactor": "-1",
2245           "tcp.checksum": "0x00005de4",
2246           "tcp.checksum.status": "2",
2247           "tcp.urgent_pointer": "0",
2248           "tcp.options": "01:01:08:0a:00:24:bc:47:a7:9a:fe:6b",
2249           "tcp.options_tree": {
2250             "No-Operation (NOP)": {
2251               "tcp.options.type": "1",
2252               "tcp.options.type_tree": {
2253                 "tcp.options.type.copy": "0",
2254                 "tcp.options.type.class": "0",
2255                 "tcp.options.type.number": "1"
2256               }
2257             },
2258             "No-Operation (NOP)": {
2259               "tcp.options.type": "1",
2260               "tcp.options.type_tree": {
2261                 "tcp.options.type.copy": "0",
2262                 "tcp.options.type.class": "0",
2263                 "tcp.options.type.number": "1"
2264               }
2265             },
2266             "Timestamps: TSval 2407495, TSecr 2811952747": {
2267               "tcp.option_kind": "8",
2268               "tcp.option_len": "10",
2269               "tcp.options.timestamp.tsval": "2407495",
2270               "tcp.options.timestamp.tsecr": "2811952747"
2271             }
2272           },
2273           "tcp.analysis": {
2274             "tcp.analysis.bytes_in_flight": "49",
2275             "tcp.analysis.push_bytes_sent": "49"
2276           }
2277         },
2278         "ssl": {
2279           "ssl.record": {
2280             "ssl.record.content_type": "23",
2281             "ssl.record.version": "0x00000303",
2282             "ssl.record.length": "44",
2283             "ssl.app_data": "13:6b:24:d2:9f:7e:44:91:96:6d:d1:4d:44:24:23:66:a2:95:ac:22:a2:1e:a9:8c:7d:3a:ba:54:0b:7a:83:23:4b:76:94:8b:6a:3b:c2:e4:f3:9b:15:67"
2284           }
2285         }
2286       }
2287     }
2288   }
2289
2290   ,
2291   {
2292     "_index": "packets-2017-11-01",
2293     "_type": "pcap_file",
2294     "_score": null,
2295     "_source": {
2296       "layers": {
2297         "frame": {
2298           "frame.encap_type": "1",
2299           "frame.time": "Oct 31, 2017 16:47:00.603876000 PDT",
2300           "frame.offset_shift": "0.000000000",
2301           "frame.time_epoch": "1509493620.603876000",
2302           "frame.time_delta": "0.060215000",
2303           "frame.time_delta_displayed": "0.060215000",
2304           "frame.time_relative": "29.143190000",
2305           "frame.number": "22",
2306           "frame.len": "66",
2307           "frame.cap_len": "66",
2308           "frame.marked": "0",
2309           "frame.ignored": "0",
2310           "frame.protocols": "eth:ethertype:ip:tcp"
2311         },
2312         "eth": {
2313           "eth.dst": "d0:52:a8:a3:60:0f",
2314           "eth.dst_tree": {
2315             "eth.dst_resolved": "Physical_a3:60:0f",
2316             "eth.addr": "d0:52:a8:a3:60:0f",
2317             "eth.addr_resolved": "Physical_a3:60:0f",
2318             "eth.lg": "0",
2319             "eth.ig": "0"
2320           },
2321           "eth.src": "b0:b9:8a:73:69:8e",
2322           "eth.src_tree": {
2323             "eth.src_resolved": "Netgear_73:69:8e",
2324             "eth.addr": "b0:b9:8a:73:69:8e",
2325             "eth.addr_resolved": "Netgear_73:69:8e",
2326             "eth.lg": "0",
2327             "eth.ig": "0"
2328           },
2329           "eth.type": "0x00000800"
2330         },
2331         "ip": {
2332           "ip.version": "4",
2333           "ip.hdr_len": "20",
2334           "ip.dsfield": "0x00000000",
2335           "ip.dsfield_tree": {
2336             "ip.dsfield.dscp": "0",
2337             "ip.dsfield.ecn": "0"
2338           },
2339           "ip.len": "52",
2340           "ip.id": "0x00002bea",
2341           "ip.flags": "0x00000002",
2342           "ip.flags_tree": {
2343             "ip.flags.rb": "0",
2344             "ip.flags.df": "1",
2345             "ip.flags.mf": "0"
2346           },
2347           "ip.frag_offset": "0",
2348           "ip.ttl": "232",
2349           "ip.proto": "6",
2350           "ip.checksum": "0x00003995",
2351           "ip.checksum.status": "2",
2352           "ip.src": "13.59.94.111",
2353           "ip.addr": "13.59.94.111",
2354           "ip.src_host": "13.59.94.111",
2355           "ip.host": "13.59.94.111",
2356           "ip.dst": "192.168.0.242",
2357           "ip.addr": "192.168.0.242",
2358           "ip.dst_host": "192.168.0.242",
2359           "ip.host": "192.168.0.242",
2360           "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
2361             "ip.geoip.src_country": "United States",
2362             "ip.geoip.country": "United States",
2363             "ip.geoip.src_city": "Norwalk, CT",
2364             "ip.geoip.city": "Norwalk, CT",
2365             "ip.geoip.src_lat": "41.127102",
2366             "ip.geoip.lat": "41.127102",
2367             "ip.geoip.src_lon": "-73.441597",
2368             "ip.geoip.lon": "-73.441597"
2369           },
2370           "Destination GeoIP: Unknown": ""
2371         },
2372         "tcp": {
2373           "tcp.srcport": "443",
2374           "tcp.dstport": "44970",
2375           "tcp.port": "443",
2376           "tcp.port": "44970",
2377           "tcp.stream": "0",
2378           "tcp.len": "0",
2379           "tcp.seq": "1",
2380           "tcp.ack": "158",
2381           "tcp.hdr_len": "32",
2382           "tcp.flags": "0x00000010",
2383           "tcp.flags_tree": {
2384             "tcp.flags.res": "0",
2385             "tcp.flags.ns": "0",
2386             "tcp.flags.cwr": "0",
2387             "tcp.flags.ecn": "0",
2388             "tcp.flags.urg": "0",
2389             "tcp.flags.ack": "1",
2390             "tcp.flags.push": "0",
2391             "tcp.flags.reset": "0",
2392             "tcp.flags.syn": "0",
2393             "tcp.flags.fin": "0",
2394             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7A\u00b7\u00b7\u00b7\u00b7"
2395           },
2396           "tcp.window_size_value": "422",
2397           "tcp.window_size": "422",
2398           "tcp.window_size_scalefactor": "-1",
2399           "tcp.checksum": "0x0000d3e0",
2400           "tcp.checksum.status": "2",
2401           "tcp.urgent_pointer": "0",
2402           "tcp.options": "01:01:08:0a:a7:9b:17:cb:00:24:bc:47",
2403           "tcp.options_tree": {
2404             "No-Operation (NOP)": {
2405               "tcp.options.type": "1",
2406               "tcp.options.type_tree": {
2407                 "tcp.options.type.copy": "0",
2408                 "tcp.options.type.class": "0",
2409                 "tcp.options.type.number": "1"
2410               }
2411             },
2412             "No-Operation (NOP)": {
2413               "tcp.options.type": "1",
2414               "tcp.options.type_tree": {
2415                 "tcp.options.type.copy": "0",
2416                 "tcp.options.type.class": "0",
2417                 "tcp.options.type.number": "1"
2418               }
2419             },
2420             "Timestamps: TSval 2811959243, TSecr 2407495": {
2421               "tcp.option_kind": "8",
2422               "tcp.option_len": "10",
2423               "tcp.options.timestamp.tsval": "2811959243",
2424               "tcp.options.timestamp.tsecr": "2407495"
2425             }
2426           },
2427           "tcp.analysis": {
2428             "tcp.analysis.acks_frame": "21",
2429             "tcp.analysis.ack_rtt": "0.060215000"
2430           }
2431         }
2432       }
2433     }
2434   }
2435
2436   ,
2437   {
2438     "_index": "packets-2017-11-01",
2439     "_type": "pcap_file",
2440     "_score": null,
2441     "_source": {
2442       "layers": {
2443         "frame": {
2444           "frame.encap_type": "1",
2445           "frame.time": "Oct 31, 2017 16:47:00.604430000 PDT",
2446           "frame.offset_shift": "0.000000000",
2447           "frame.time_epoch": "1509493620.604430000",
2448           "frame.time_delta": "0.000554000",
2449           "frame.time_delta_displayed": "0.000554000",
2450           "frame.time_relative": "29.143744000",
2451           "frame.number": "23",
2452           "frame.len": "121",
2453           "frame.cap_len": "121",
2454           "frame.marked": "0",
2455           "frame.ignored": "0",
2456           "frame.protocols": "eth:ethertype:ip:tcp:ssl"
2457         },
2458         "eth": {
2459           "eth.dst": "d0:52:a8:a3:60:0f",
2460           "eth.dst_tree": {
2461             "eth.dst_resolved": "Physical_a3:60:0f",
2462             "eth.addr": "d0:52:a8:a3:60:0f",
2463             "eth.addr_resolved": "Physical_a3:60:0f",
2464             "eth.lg": "0",
2465             "eth.ig": "0"
2466           },
2467           "eth.src": "b0:b9:8a:73:69:8e",
2468           "eth.src_tree": {
2469             "eth.src_resolved": "Netgear_73:69:8e",
2470             "eth.addr": "b0:b9:8a:73:69:8e",
2471             "eth.addr_resolved": "Netgear_73:69:8e",
2472             "eth.lg": "0",
2473             "eth.ig": "0"
2474           },
2475           "eth.type": "0x00000800"
2476         },
2477         "ip": {
2478           "ip.version": "4",
2479           "ip.hdr_len": "20",
2480           "ip.dsfield": "0x00000000",
2481           "ip.dsfield_tree": {
2482             "ip.dsfield.dscp": "0",
2483             "ip.dsfield.ecn": "0"
2484           },
2485           "ip.len": "107",
2486           "ip.id": "0x00002beb",
2487           "ip.flags": "0x00000002",
2488           "ip.flags_tree": {
2489             "ip.flags.rb": "0",
2490             "ip.flags.df": "1",
2491             "ip.flags.mf": "0"
2492           },
2493           "ip.frag_offset": "0",
2494           "ip.ttl": "232",
2495           "ip.proto": "6",
2496           "ip.checksum": "0x0000395d",
2497           "ip.checksum.status": "2",
2498           "ip.src": "13.59.94.111",
2499           "ip.addr": "13.59.94.111",
2500           "ip.src_host": "13.59.94.111",
2501           "ip.host": "13.59.94.111",
2502           "ip.dst": "192.168.0.242",
2503           "ip.addr": "192.168.0.242",
2504           "ip.dst_host": "192.168.0.242",
2505           "ip.host": "192.168.0.242",
2506           "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
2507             "ip.geoip.src_country": "United States",
2508             "ip.geoip.country": "United States",
2509             "ip.geoip.src_city": "Norwalk, CT",
2510             "ip.geoip.city": "Norwalk, CT",
2511             "ip.geoip.src_lat": "41.127102",
2512             "ip.geoip.lat": "41.127102",
2513             "ip.geoip.src_lon": "-73.441597",
2514             "ip.geoip.lon": "-73.441597"
2515           },
2516           "Destination GeoIP: Unknown": ""
2517         },
2518         "tcp": {
2519           "tcp.srcport": "443",
2520           "tcp.dstport": "44970",
2521           "tcp.port": "443",
2522           "tcp.port": "44970",
2523           "tcp.stream": "0",
2524           "tcp.len": "55",
2525           "tcp.seq": "1",
2526           "tcp.nxtseq": "56",
2527           "tcp.ack": "158",
2528           "tcp.hdr_len": "32",
2529           "tcp.flags": "0x00000018",
2530           "tcp.flags_tree": {
2531             "tcp.flags.res": "0",
2532             "tcp.flags.ns": "0",
2533             "tcp.flags.cwr": "0",
2534             "tcp.flags.ecn": "0",
2535             "tcp.flags.urg": "0",
2536             "tcp.flags.ack": "1",
2537             "tcp.flags.push": "1",
2538             "tcp.flags.reset": "0",
2539             "tcp.flags.syn": "0",
2540             "tcp.flags.fin": "0",
2541             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7AP\u00b7\u00b7\u00b7"
2542           },
2543           "tcp.window_size_value": "422",
2544           "tcp.window_size": "422",
2545           "tcp.window_size_scalefactor": "-1",
2546           "tcp.checksum": "0x0000913d",
2547           "tcp.checksum.status": "2",
2548           "tcp.urgent_pointer": "0",
2549           "tcp.options": "01:01:08:0a:a7:9b:17:cb:00:24:bc:47",
2550           "tcp.options_tree": {
2551             "No-Operation (NOP)": {
2552               "tcp.options.type": "1",
2553               "tcp.options.type_tree": {
2554                 "tcp.options.type.copy": "0",
2555                 "tcp.options.type.class": "0",
2556                 "tcp.options.type.number": "1"
2557               }
2558             },
2559             "No-Operation (NOP)": {
2560               "tcp.options.type": "1",
2561               "tcp.options.type_tree": {
2562                 "tcp.options.type.copy": "0",
2563                 "tcp.options.type.class": "0",
2564                 "tcp.options.type.number": "1"
2565               }
2566             },
2567             "Timestamps: TSval 2811959243, TSecr 2407495": {
2568               "tcp.option_kind": "8",
2569               "tcp.option_len": "10",
2570               "tcp.options.timestamp.tsval": "2811959243",
2571               "tcp.options.timestamp.tsecr": "2407495"
2572             }
2573           },
2574           "tcp.analysis": {
2575             "tcp.analysis.bytes_in_flight": "55",
2576             "tcp.analysis.push_bytes_sent": "55"
2577           }
2578         },
2579         "ssl": {
2580           "ssl.record": {
2581             "ssl.record.content_type": "23",
2582             "ssl.record.version": "0x00000303",
2583             "ssl.record.length": "50",
2584             "ssl.app_data": "34:cd:34:17:47:48:0e:2d:cd:91:0a:2a:7b:f0:0d:6f:02:ea:4c:c2:c1:25:61:5c:a0:94:d4:c7:75:e1:78:0d:a0:ed:b3:8c:e2:31:ea:1a:39:f2:81:f0:4e:c0:99:a3:a6:f9"
2585           }
2586         }
2587       }
2588     }
2589   }
2590
2591   ,
2592   {
2593     "_index": "packets-2017-11-01",
2594     "_type": "pcap_file",
2595     "_score": null,
2596     "_source": {
2597       "layers": {
2598         "frame": {
2599           "frame.encap_type": "1",
2600           "frame.time": "Oct 31, 2017 16:47:00.638103000 PDT",
2601           "frame.offset_shift": "0.000000000",
2602           "frame.time_epoch": "1509493620.638103000",
2603           "frame.time_delta": "0.033673000",
2604           "frame.time_delta_displayed": "0.033673000",
2605           "frame.time_relative": "29.177417000",
2606           "frame.number": "24",
2607           "frame.len": "66",
2608           "frame.cap_len": "66",
2609           "frame.marked": "0",
2610           "frame.ignored": "0",
2611           "frame.protocols": "eth:ethertype:ip:tcp"
2612         },
2613         "eth": {
2614           "eth.dst": "b0:b9:8a:73:69:8e",
2615           "eth.dst_tree": {
2616             "eth.dst_resolved": "Netgear_73:69:8e",
2617             "eth.addr": "b0:b9:8a:73:69:8e",
2618             "eth.addr_resolved": "Netgear_73:69:8e",
2619             "eth.lg": "0",
2620             "eth.ig": "0"
2621           },
2622           "eth.src": "d0:52:a8:a3:60:0f",
2623           "eth.src_tree": {
2624             "eth.src_resolved": "Physical_a3:60:0f",
2625             "eth.addr": "d0:52:a8:a3:60:0f",
2626             "eth.addr_resolved": "Physical_a3:60:0f",
2627             "eth.lg": "0",
2628             "eth.ig": "0"
2629           },
2630           "eth.type": "0x00000800"
2631         },
2632         "ip": {
2633           "ip.version": "4",
2634           "ip.hdr_len": "20",
2635           "ip.dsfield": "0x00000000",
2636           "ip.dsfield_tree": {
2637             "ip.dsfield.dscp": "0",
2638             "ip.dsfield.ecn": "0"
2639           },
2640           "ip.len": "52",
2641           "ip.id": "0x000094eb",
2642           "ip.flags": "0x00000002",
2643           "ip.flags_tree": {
2644             "ip.flags.rb": "0",
2645             "ip.flags.df": "1",
2646             "ip.flags.mf": "0"
2647           },
2648           "ip.frag_offset": "0",
2649           "ip.ttl": "64",
2650           "ip.proto": "6",
2651           "ip.checksum": "0x00007894",
2652           "ip.checksum.status": "2",
2653           "ip.src": "192.168.0.242",
2654           "ip.addr": "192.168.0.242",
2655           "ip.src_host": "192.168.0.242",
2656           "ip.host": "192.168.0.242",
2657           "ip.dst": "13.59.94.111",
2658           "ip.addr": "13.59.94.111",
2659           "ip.dst_host": "13.59.94.111",
2660           "ip.host": "13.59.94.111",
2661           "Source GeoIP: Unknown": "",
2662           "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": {
2663             "ip.geoip.dst_country": "United States",
2664             "ip.geoip.country": "United States",
2665             "ip.geoip.dst_city": "Norwalk, CT",
2666             "ip.geoip.city": "Norwalk, CT",
2667             "ip.geoip.dst_lat": "41.127102",
2668             "ip.geoip.lat": "41.127102",
2669             "ip.geoip.dst_lon": "-73.441597",
2670             "ip.geoip.lon": "-73.441597"
2671           }
2672         },
2673         "tcp": {
2674           "tcp.srcport": "44970",
2675           "tcp.dstport": "443",
2676           "tcp.port": "44970",
2677           "tcp.port": "443",
2678           "tcp.stream": "0",
2679           "tcp.len": "0",
2680           "tcp.seq": "158",
2681           "tcp.ack": "56",
2682           "tcp.hdr_len": "32",
2683           "tcp.flags": "0x00000010",
2684           "tcp.flags_tree": {
2685             "tcp.flags.res": "0",
2686             "tcp.flags.ns": "0",
2687             "tcp.flags.cwr": "0",
2688             "tcp.flags.ecn": "0",
2689             "tcp.flags.urg": "0",
2690             "tcp.flags.ack": "1",
2691             "tcp.flags.push": "0",
2692             "tcp.flags.reset": "0",
2693             "tcp.flags.syn": "0",
2694             "tcp.flags.fin": "0",
2695             "tcp.flags.str": "\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7A\u00b7\u00b7\u00b7\u00b7"
2696           },
2697           "tcp.window_size_value": "661",
2698           "tcp.window_size": "661",
2699           "tcp.window_size_scalefactor": "-1",
2700           "tcp.checksum": "0x0000d2b0",
2701           "tcp.checksum.status": "2",
2702           "tcp.urgent_pointer": "0",
2703           "tcp.options": "01:01:08:0a:00:24:bc:51:a7:9b:17:cb",
2704           "tcp.options_tree": {
2705             "No-Operation (NOP)": {
2706               "tcp.options.type": "1",
2707               "tcp.options.type_tree": {
2708                 "tcp.options.type.copy": "0",
2709                 "tcp.options.type.class": "0",
2710                 "tcp.options.type.number": "1"
2711               }
2712             },
2713             "No-Operation (NOP)": {
2714               "tcp.options.type": "1",
2715               "tcp.options.type_tree": {
2716                 "tcp.options.type.copy": "0",
2717                 "tcp.options.type.class": "0",
2718                 "tcp.options.type.number": "1"
2719               }
2720             },
2721             "Timestamps: TSval 2407505, TSecr 2811959243": {
2722               "tcp.option_kind": "8",
2723               "tcp.option_len": "10",
2724               "tcp.options.timestamp.tsval": "2407505",
2725               "tcp.options.timestamp.tsecr": "2811959243"
2726             }
2727           },
2728           "tcp.analysis": {
2729             "tcp.analysis.acks_frame": "23",
2730             "tcp.analysis.ack_rtt": "0.033673000"
2731           }
2732         }
2733       }
2734     }
2735   }
2736
2737   ,
2738   {
2739     "_index": "packets-2017-11-01",
2740     "_type": "pcap_file",
2741     "_score": null,
2742     "_source": {
2743       "layers": {
2744         "frame": {
2745           "frame.encap_type": "1",
2746           "frame.time": "Oct 31, 2017 16:47:01.221862000 PDT",
2747           "frame.offset_shift": "0.000000000",
2748           "frame.time_epoch": "1509493621.221862000",
2749           "frame.time_delta": "0.583759000",
2750           "frame.time_delta_displayed": "0.583759000",
2751           "frame.time_relative": "29.761176000",
2752           "frame.number": "25",
2753           "frame.len": "42",
2754           "frame.cap_len": "42",
2755           "frame.marked": "0",
2756           "frame.ignored": "0",
2757           "frame.protocols": "eth:ethertype:arp"
2758         },
2759         "eth": {
2760           "eth.dst": "ff:ff:ff:ff:ff:ff",
2761           "eth.dst_tree": {
2762             "eth.dst_resolved": "Broadcast",
2763             "eth.addr": "ff:ff:ff:ff:ff:ff",
2764             "eth.addr_resolved": "Broadcast",
2765             "eth.lg": "1",
2766             "eth.ig": "1"
2767           },
2768           "eth.src": "ac:cf:23:5a:9c:e2",
2769           "eth.src_tree": {
2770             "eth.src_resolved": "Hi-Flyin_5a:9c:e2",
2771             "eth.addr": "ac:cf:23:5a:9c:e2",
2772             "eth.addr_resolved": "Hi-Flyin_5a:9c:e2",
2773             "eth.lg": "0",
2774             "eth.ig": "0"
2775           },
2776           "eth.type": "0x00000806"
2777         },
2778         "arp": {
2779           "arp.hw.type": "1",
2780           "arp.proto.type": "0x00000800",
2781           "arp.hw.size": "6",
2782           "arp.proto.size": "4",
2783           "arp.opcode": "1",
2784           "arp.src.hw_mac": "ac:cf:23:5a:9c:e2",
2785           "arp.src.proto_ipv4": "192.168.0.114",
2786           "arp.dst.hw_mac": "00:00:00:00:00:00",
2787           "arp.dst.proto_ipv4": "192.168.0.1"
2788         }
2789       }
2790     }
2791   }
2792
2793   ,
2794   {
2795     "_index": "packets-2017-11-01",
2796     "_type": "pcap_file",
2797     "_score": null,
2798     "_source": {
2799       "layers": {
2800         "frame": {
2801           "frame.encap_type": "1",
2802           "frame.time": "Oct 31, 2017 16:47:03.491176000 PDT",
2803           "frame.offset_shift": "0.000000000",
2804           "frame.time_epoch": "1509493623.491176000",
2805           "frame.time_delta": "2.269314000",
2806           "frame.time_delta_displayed": "2.269314000",
2807           "frame.time_relative": "32.030490000",
2808           "frame.number": "26",
2809           "frame.len": "60",
2810           "frame.cap_len": "60",
2811           "frame.marked": "0",
2812           "frame.ignored": "0",
2813           "frame.protocols": "eth:ethertype:arp"
2814         },
2815         "eth": {
2816           "eth.dst": "b0:b9:8a:73:69:8e",
2817           "eth.dst_tree": {
2818             "eth.dst_resolved": "Netgear_73:69:8e",
2819             "eth.addr": "b0:b9:8a:73:69:8e",
2820             "eth.addr_resolved": "Netgear_73:69:8e",
2821             "eth.lg": "0",
2822             "eth.ig": "0"
2823           },
2824           "eth.src": "00:17:88:69:ee:e4",
2825           "eth.src_tree": {
2826             "eth.src_resolved": "PhilipsL_69:ee:e4",
2827             "eth.addr": "00:17:88:69:ee:e4",
2828             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2829             "eth.lg": "0",
2830             "eth.ig": "0"
2831           },
2832           "eth.type": "0x00000806",
2833           "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
2834         },
2835         "arp": {
2836           "arp.hw.type": "1",
2837           "arp.proto.type": "0x00000800",
2838           "arp.hw.size": "6",
2839           "arp.proto.size": "4",
2840           "arp.opcode": "1",
2841           "arp.src.hw_mac": "00:17:88:69:ee:e4",
2842           "arp.src.proto_ipv4": "192.168.0.160",
2843           "arp.dst.hw_mac": "00:00:00:00:00:00",
2844           "arp.dst.proto_ipv4": "192.168.0.1"
2845         }
2846       }
2847     }
2848   }
2849
2850   ,
2851   {
2852     "_index": "packets-2017-11-01",
2853     "_type": "pcap_file",
2854     "_score": null,
2855     "_source": {
2856       "layers": {
2857         "frame": {
2858           "frame.encap_type": "1",
2859           "frame.time": "Oct 31, 2017 16:47:03.491268000 PDT",
2860           "frame.offset_shift": "0.000000000",
2861           "frame.time_epoch": "1509493623.491268000",
2862           "frame.time_delta": "0.000092000",
2863           "frame.time_delta_displayed": "0.000092000",
2864           "frame.time_relative": "32.030582000",
2865           "frame.number": "27",
2866           "frame.len": "42",
2867           "frame.cap_len": "42",
2868           "frame.marked": "0",
2869           "frame.ignored": "0",
2870           "frame.protocols": "eth:ethertype:arp"
2871         },
2872         "eth": {
2873           "eth.dst": "00:17:88:69:ee:e4",
2874           "eth.dst_tree": {
2875             "eth.dst_resolved": "PhilipsL_69:ee:e4",
2876             "eth.addr": "00:17:88:69:ee:e4",
2877             "eth.addr_resolved": "PhilipsL_69:ee:e4",
2878             "eth.lg": "0",
2879             "eth.ig": "0"
2880           },
2881           "eth.src": "b0:b9:8a:73:69:8e",
2882           "eth.src_tree": {
2883             "eth.src_resolved": "Netgear_73:69:8e",
2884             "eth.addr": "b0:b9:8a:73:69:8e",
2885             "eth.addr_resolved": "Netgear_73:69:8e",
2886             "eth.lg": "0",
2887             "eth.ig": "0"
2888           },
2889           "eth.type": "0x00000806"
2890         },
2891         "arp": {
2892           "arp.hw.type": "1",
2893           "arp.proto.type": "0x00000800",
2894           "arp.hw.size": "6",
2895           "arp.proto.size": "4",
2896           "arp.opcode": "2",
2897           "arp.src.hw_mac": "b0:b9:8a:73:69:8e",
2898           "arp.src.proto_ipv4": "192.168.0.1",
2899           "arp.dst.hw_mac": "00:17:88:69:ee:e4",
2900           "arp.dst.proto_ipv4": "192.168.0.160"
2901         }
2902       }
2903     }
2904   }
2905
2906   ,
2907   {
2908     "_index": "packets-2017-11-01",
2909     "_type": "pcap_file",
2910     "_score": null,
2911     "_source": {
2912       "layers": {
2913         "frame": {
2914           "frame.encap_type": "1",
2915           "frame.time": "Oct 31, 2017 16:47:03.527902000 PDT",
2916           "frame.offset_shift": "0.000000000",
2917           "frame.time_epoch": "1509493623.527902000",
2918           "frame.time_delta": "0.036634000",
2919           "frame.time_delta_displayed": "0.036634000",
2920           "frame.time_relative": "32.067216000",
2921           "frame.number": "28",
2922           "frame.len": "275",
2923           "frame.cap_len": "275",
2924           "frame.marked": "0",
2925           "frame.ignored": "0",
2926           "frame.protocols": "eth:ethertype:ip:udp:mdns"
2927         },
2928         "eth": {
2929           "eth.dst": "01:00:5e:00:00:fb",
2930           "eth.dst_tree": {
2931             "eth.dst_resolved": "IPv4mcast_fb",
2932             "eth.addr": "01:00:5e:00:00:fb",
2933             "eth.addr_resolved": "IPv4mcast_fb",
2934             "eth.lg": "0",
2935             "eth.ig": "1"
2936           },
2937           "eth.src": "d0:73:d5:12:8e:30",
2938           "eth.src_tree": {
2939             "eth.src_resolved": "LifiLabs_12:8e:30",
2940             "eth.addr": "d0:73:d5:12:8e:30",
2941             "eth.addr_resolved": "LifiLabs_12:8e:30",
2942             "eth.lg": "0",
2943             "eth.ig": "0"
2944           },
2945           "eth.type": "0x00000800"
2946         },
2947         "ip": {
2948           "ip.version": "4",
2949           "ip.hdr_len": "20",
2950           "ip.dsfield": "0x00000000",
2951           "ip.dsfield_tree": {
2952             "ip.dsfield.dscp": "0",
2953             "ip.dsfield.ecn": "0"
2954           },
2955           "ip.len": "261",
2956           "ip.id": "0x00001cc7",
2957           "ip.flags": "0x00000000",
2958           "ip.flags_tree": {
2959             "ip.flags.rb": "0",
2960             "ip.flags.df": "0",
2961             "ip.flags.mf": "0"
2962           },
2963           "ip.frag_offset": "0",
2964           "ip.ttl": "64",
2965           "ip.ttl_tree": {
2966             "_ws.expert": {
2967               "ip.ttl.lncb": "",
2968               "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)",
2969               "_ws.expert.severity": "4194304",
2970               "_ws.expert.group": "33554432"
2971             }
2972           },
2973           "ip.proto": "17",
2974           "ip.checksum": "0x0000bb29",
2975           "ip.checksum.status": "2",
2976           "ip.src": "192.168.0.84",
2977           "ip.addr": "192.168.0.84",
2978           "ip.src_host": "192.168.0.84",
2979           "ip.host": "192.168.0.84",
2980           "ip.dst": "224.0.0.251",
2981           "ip.addr": "224.0.0.251",
2982           "ip.dst_host": "224.0.0.251",
2983           "ip.host": "224.0.0.251",
2984           "Source GeoIP: Unknown": "",
2985           "Destination GeoIP: Unknown": ""
2986         },
2987         "udp": {
2988           "udp.srcport": "1315",
2989           "udp.dstport": "5353",
2990           "udp.port": "1315",
2991           "udp.port": "5353",
2992           "udp.length": "241",
2993           "udp.checksum": "0x000013a3",
2994           "udp.checksum.status": "2",
2995           "udp.stream": "5"
2996         },
2997         "mdns": {
2998           "dns.id": "0x0000025a",
2999           "dns.flags": "0x00000000",
3000           "dns.flags_tree": {
3001             "dns.flags.response": "0",
3002             "dns.flags.opcode": "0",
3003             "dns.flags.truncated": "0",
3004             "dns.flags.recdesired": "0",
3005             "dns.flags.z": "0",
3006             "dns.flags.checkdisable": "0"
3007           },
3008           "dns.count.queries": "2",
3009           "dns.count.answers": "0",
3010           "dns.count.auth_rr": "0",
3011           "dns.count.add_rr": "2",
3012           "Queries": {
3013             "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": {
3014               "dns.qry.name": "_alljoyn._tcp.local",
3015               "dns.qry.name.len": "19",
3016               "dns.count.labels": "3",
3017               "dns.qry.type": "12",
3018               "dns.qry.class": "0x00000001",
3019               "dns.qry.qu": "1"
3020             },
3021             "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": {
3022               "dns.qry.name": "_alljoyn._udp.local",
3023               "dns.qry.name.len": "19",
3024               "dns.count.labels": "3",
3025               "dns.qry.type": "12",
3026               "dns.qry.class": "0x00000001",
3027               "dns.qry.qu": "1"
3028             }
3029           },
3030           "Additional records": {
3031             "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": {
3032               "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local",
3033               "dns.resp.type": "16",
3034               "dns.resp.class": "0x00000001",
3035               "dns.resp.cache_flush": "0",
3036               "dns.resp.ttl": "120",
3037               "dns.resp.len": "39",
3038               "dns.txt.length": "9",
3039               "dns.txt": "txtvers=0",
3040               "dns.txt.length": "24",
3041               "dns.txt": "n_1=org.alljoyn.BusNode*",
3042               "dns.txt.length": "3",
3043               "dns.txt": "m=1"
3044             },
3045             "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": {
3046               "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local",
3047               "dns.resp.type": "16",
3048               "dns.resp.class": "0x00000001",
3049               "dns.resp.cache_flush": "0",
3050               "dns.resp.ttl": "120",
3051               "dns.resp.len": "61",
3052               "dns.txt.length": "9",
3053               "dns.txt": "txtvers=0",
3054               "dns.txt.length": "7",
3055               "dns.txt": "ajpv=10",
3056               "dns.txt.length": "4",
3057               "dns.txt": "pv=2",
3058               "dns.txt.length": "7",
3059               "dns.txt": "sid=602",
3060               "dns.txt.length": "17",
3061               "dns.txt": "ipv4=192.168.0.84",
3062               "dns.txt.length": "11",
3063               "dns.txt": "upcv4=58873"
3064             }
3065           }
3066         }
3067       }
3068     }
3069   }
3070
3071   ,
3072   {
3073     "_index": "packets-2017-11-01",
3074     "_type": "pcap_file",
3075     "_score": null,
3076     "_source": {
3077       "layers": {
3078         "frame": {
3079           "frame.encap_type": "1",
3080           "frame.time": "Oct 31, 2017 16:47:03.528427000 PDT",
3081           "frame.offset_shift": "0.000000000",
3082           "frame.time_epoch": "1509493623.528427000",
3083           "frame.time_delta": "0.000525000",
3084           "frame.time_delta_displayed": "0.000525000",
3085           "frame.time_relative": "32.067741000",
3086           "frame.number": "29",
3087           "frame.len": "275",
3088           "frame.cap_len": "275",
3089           "frame.marked": "0",
3090           "frame.ignored": "0",
3091           "frame.protocols": "eth:ethertype:ip:udp:mdns"
3092         },
3093         "eth": {
3094           "eth.dst": "ff:ff:ff:ff:ff:ff",
3095           "eth.dst_tree": {
3096             "eth.dst_resolved": "Broadcast",
3097             "eth.addr": "ff:ff:ff:ff:ff:ff",
3098             "eth.addr_resolved": "Broadcast",
3099             "eth.lg": "1",
3100             "eth.ig": "1"
3101           },
3102           "eth.src": "d0:73:d5:12:8e:30",
3103           "eth.src_tree": {
3104             "eth.src_resolved": "LifiLabs_12:8e:30",
3105             "eth.addr": "d0:73:d5:12:8e:30",
3106             "eth.addr_resolved": "LifiLabs_12:8e:30",
3107             "eth.lg": "0",
3108             "eth.ig": "0"
3109           },
3110           "eth.type": "0x00000800"
3111         },
3112         "ip": {
3113           "ip.version": "4",
3114           "ip.hdr_len": "20",
3115           "ip.dsfield": "0x00000000",
3116           "ip.dsfield_tree": {
3117             "ip.dsfield.dscp": "0",
3118             "ip.dsfield.ecn": "0"
3119           },
3120           "ip.len": "261",
3121           "ip.id": "0x00001cc8",
3122           "ip.flags": "0x00000000",
3123           "ip.flags_tree": {
3124             "ip.flags.rb": "0",
3125             "ip.flags.df": "0",
3126             "ip.flags.mf": "0"
3127           },
3128           "ip.frag_offset": "0",
3129           "ip.ttl": "64",
3130           "ip.proto": "17",
3131           "ip.checksum": "0x00009c24",
3132           "ip.checksum.status": "2",
3133           "ip.src": "192.168.0.84",
3134           "ip.addr": "192.168.0.84",
3135           "ip.src_host": "192.168.0.84",
3136           "ip.host": "192.168.0.84",
3137           "ip.dst": "255.255.255.255",
3138           "ip.addr": "255.255.255.255",
3139           "ip.dst_host": "255.255.255.255",
3140           "ip.host": "255.255.255.255",
3141           "Source GeoIP: Unknown": "",
3142           "Destination GeoIP: Unknown": ""
3143         },
3144         "udp": {
3145           "udp.srcport": "1315",
3146           "udp.dstport": "5353",
3147           "udp.port": "1315",
3148           "udp.port": "5353",
3149           "udp.length": "241",
3150           "udp.checksum": "0x0000f49e",
3151           "udp.checksum.status": "2",
3152           "udp.stream": "6"
3153         },
3154         "mdns": {
3155           "dns.id": "0x0000025a",
3156           "dns.flags": "0x00000000",
3157           "dns.flags_tree": {
3158             "dns.flags.response": "0",
3159             "dns.flags.opcode": "0",
3160             "dns.flags.truncated": "0",
3161             "dns.flags.recdesired": "0",
3162             "dns.flags.z": "0",
3163             "dns.flags.checkdisable": "0"
3164           },
3165           "dns.count.queries": "2",
3166           "dns.count.answers": "0",
3167           "dns.count.auth_rr": "0",
3168           "dns.count.add_rr": "2",
3169           "Queries": {
3170             "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": {
3171               "dns.qry.name": "_alljoyn._tcp.local",
3172               "dns.qry.name.len": "19",
3173               "dns.count.labels": "3",
3174               "dns.qry.type": "12",
3175               "dns.qry.class": "0x00000001",
3176               "dns.qry.qu": "1"
3177             },
3178             "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": {
3179               "dns.qry.name": "_alljoyn._udp.local",
3180               "dns.qry.name.len": "19",
3181               "dns.count.labels": "3",
3182               "dns.qry.type": "12",
3183               "dns.qry.class": "0x00000001",
3184               "dns.qry.qu": "1"
3185             }
3186           },
3187           "Additional records": {
3188             "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": {
3189               "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local",
3190               "dns.resp.type": "16",
3191               "dns.resp.class": "0x00000001",
3192               "dns.resp.cache_flush": "0",
3193               "dns.resp.ttl": "120",
3194               "dns.resp.len": "39",
3195               "dns.txt.length": "9",
3196               "dns.txt": "txtvers=0",
3197               "dns.txt.length": "24",
3198               "dns.txt": "n_1=org.alljoyn.BusNode*",
3199               "dns.txt.length": "3",
3200               "dns.txt": "m=1"
3201             },
3202             "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": {
3203               "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local",
3204               "dns.resp.type": "16",
3205               "dns.resp.class": "0x00000001",
3206               "dns.resp.cache_flush": "0",
3207               "dns.resp.ttl": "120",
3208               "dns.resp.len": "61",
3209               "dns.txt.length": "9",
3210               "dns.txt": "txtvers=0",
3211               "dns.txt.length": "7",
3212               "dns.txt": "ajpv=10",
3213               "dns.txt.length": "4",
3214               "dns.txt": "pv=2",
3215               "dns.txt.length": "7",
3216               "dns.txt": "sid=602",
3217               "dns.txt.length": "17",
3218               "dns.txt": "ipv4=192.168.0.84",
3219               "dns.txt.length": "11",
3220               "dns.txt": "upcv4=58873"
3221             }
3222           }
3223         }
3224       }
3225     }
3226   }
3227
3228   ,
3229   {
3230     "_index": "packets-2017-11-01",
3231     "_type": "pcap_file",
3232     "_score": null,
3233     "_source": {
3234       "layers": {
3235         "frame": {
3236           "frame.encap_type": "1",
3237           "frame.time": "Oct 31, 2017 16:47:03.529067000 PDT",
3238           "frame.offset_shift": "0.000000000",
3239           "frame.time_epoch": "1509493623.529067000",
3240           "frame.time_delta": "0.000640000",
3241           "frame.time_delta_displayed": "0.000640000",
3242           "frame.time_relative": "32.068381000",
3243           "frame.number": "30",
3244           "frame.len": "295",
3245           "frame.cap_len": "295",
3246           "frame.marked": "0",
3247           "frame.ignored": "0",
3248           "frame.protocols": "eth:ethertype:ipv6:udp:mdns"
3249         },
3250         "eth": {
3251           "eth.dst": "33:33:00:00:00:fb",
3252           "eth.dst_tree": {
3253             "eth.dst_resolved": "IPv6mcast_fb",
3254             "eth.addr": "33:33:00:00:00:fb",
3255             "eth.addr_resolved": "IPv6mcast_fb",
3256             "eth.lg": "1",
3257             "eth.ig": "1"
3258           },
3259           "eth.src": "d0:73:d5:12:8e:30",
3260           "eth.src_tree": {
3261             "eth.src_resolved": "LifiLabs_12:8e:30",
3262             "eth.addr": "d0:73:d5:12:8e:30",
3263             "eth.addr_resolved": "LifiLabs_12:8e:30",
3264             "eth.lg": "0",
3265             "eth.ig": "0"
3266           },
3267           "eth.type": "0x000086dd"
3268         },
3269         "ipv6": {
3270           "ipv6.version": "6",
3271           "ip.version": "6",
3272           "ipv6.tclass": "0x00000000",
3273           "ipv6.tclass_tree": {
3274             "ipv6.tclass.dscp": "0",
3275             "ipv6.tclass.ecn": "0"
3276           },
3277           "ipv6.flow": "0x00000000",
3278           "ipv6.plen": "241",
3279           "ipv6.nxt": "17",
3280           "ipv6.hlim": "1",
3281           "ipv6.src": "fe80::d273:d5ff:fe12:8e30",
3282           "ipv6.addr": "fe80::d273:d5ff:fe12:8e30",
3283           "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30",
3284           "ipv6.host": "fe80::d273:d5ff:fe12:8e30",
3285           "ipv6.src_sa_mac": "d0:73:d5:12:8e:30",
3286           "ipv6.sa_mac": "d0:73:d5:12:8e:30",
3287           "ipv6.dst": "ff02::fb",
3288           "ipv6.addr": "ff02::fb",
3289           "ipv6.dst_host": "ff02::fb",
3290           "ipv6.host": "ff02::fb",
3291           "Source GeoIP: Unknown": "",
3292           "Destination GeoIP: Unknown": ""
3293         },
3294         "udp": {
3295           "udp.srcport": "1316",
3296           "udp.dstport": "5353",
3297           "udp.port": "1316",
3298           "udp.port": "5353",
3299           "udp.length": "241",
3300           "udp.checksum": "0x00008264",
3301           "udp.checksum.status": "2",
3302           "udp.stream": "7"
3303         },
3304         "mdns": {
3305           "dns.id": "0x0000025a",
3306           "dns.flags": "0x00000000",
3307           "dns.flags_tree": {
3308             "dns.flags.response": "0",
3309             "dns.flags.opcode": "0",
3310             "dns.flags.truncated": "0",
3311             "dns.flags.recdesired": "0",
3312             "dns.flags.z": "0",
3313             "dns.flags.checkdisable": "0"
3314           },
3315           "dns.count.queries": "2",
3316           "dns.count.answers": "0",
3317           "dns.count.auth_rr": "0",
3318           "dns.count.add_rr": "2",
3319           "Queries": {
3320             "_alljoyn._tcp.local: type PTR,&