Restructuring files and folders
authorrtrimana <rtrimana@uci.edu>
Mon, 6 Nov 2017 18:12:10 +0000 (10:12 -0800)
committerrtrimana <rtrimana@uci.edu>
Mon, 6 Nov 2017 18:12:10 +0000 (10:12 -0800)
12 files changed:
CAPture.py [deleted file]
base_gefx_generator.py [deleted file]
dns.json [deleted file]
extract_from_tshark.py [deleted file]
generated-graph-sample.gexf [deleted file]
gexf/generated-graph-sample.gexf [new file with mode: 0644]
http.json [deleted file]
json/dns.json [new file with mode: 0644]
json/http.json [new file with mode: 0644]
origin/CAPture.py [new file with mode: 0644]
origin/base_gefx_generator.py [new file with mode: 0644]
origin/extract_from_tshark.py [new file with mode: 0644]

diff --git a/CAPture.py b/CAPture.py
deleted file mode 100644 (file)
index 4d6972a..0000000
+++ /dev/null
@@ -1,385 +0,0 @@
-#!/usr/local/bin/python2.7
-
-""" -----------------------------------------------------------------------------
-    CAPture - a pcap file analyzer and report generator
-    (c) 2017 - Rahmadi Trimananda
-    University of California, Irvine - Programming Language and Systems
-    -----------------------------------------------------------------------------
-    Credits to tutorial: https://dpkt.readthedocs.io/en/latest/
-    -----------------------------------------------------------------------------
-""" 
-
-import datetime
-import dpkt
-from dpkt.compat import compat_ord
-
-import socket
-import sys
-
-""" -----------------------------------------------------------------------------
-    Global variable declarations
-    -----------------------------------------------------------------------------
-"""
-# Command line arguments
-INPUT = "-i"
-OUTPUT = "-o"
-POINT_TO_MANY = "-pm"
-VERBOSE = "-v"
-
-
-def mac_addr(address):
-    # Courtesy of: https://dpkt.readthedocs.io/en/latest/
-    """ Convert a MAC address to a readable/printable string
-        Args:
-            address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06')
-        Returns:
-            str: Printable/readable MAC address
-    """
-    return ':'.join('%02x' % compat_ord(b) for b in address)
-
-
-def inet_to_str(inet):
-    # Courtesy of: https://dpkt.readthedocs.io/en/latest/
-    """ Convert inet object to a string
-        Args:
-            inet (inet struct): inet network address
-        Returns:
-            str: Printable/readable IP address
-    """
-    # First try ipv4 and then ipv6
-    try:
-        return socket.inet_ntop(socket.AF_INET, inet)
-    except ValueError:
-        return socket.inet_ntop(socket.AF_INET6, inet)
-
-
-def show_usage():
-    """ Show usage of this Python script 
-    """
-    print "Usage: python CAPture.py [ -i <file-name>.pcap ] [ -o <file-name>.pcap ] [ -pm ] [ -v ]"
-    print
-    print "[ -o ]  = output file"
-    print "[ -pm ] = point-to-many analysis"
-    print "[ -v ]  = verbose output"
-    print "By default, this script does simple statistical analysis of IP, TCP, and UDP packets."
-    print "(c) 2017 - University of California, Irvine - Programming Language and Systems"
-
-
-def show_progress(verbose, counter):
-    """ Show packet processing progress
-        Args:
-            verbose: verbose output (True/False)
-            counter: counter of all packets
-    """
-    if verbose:
-        print "Processing packet number: ", counter
-    else:
-        if counter % 100000 == 0:
-            print "Processing %s packets..." % counter
-
-
-def show_summary(counter, ip_counter, tcp_counter, udp_counter):
-    """ Show summary of statistics of PCAP file
-        Args:
-            counter: counter of all packets
-            ip_counter: counter of all IP packets
-            tcp_counter: counter of all TCP packets
-            udp_counter: counter of all UDP packets
-    """
-    print
-    print "Total number of packets in the pcap file: ", counter
-    print "Total number of ip packets: ", ip_counter
-    print "Total number of tcp packets: ", tcp_counter
-    print "Total number of udp packets: ", udp_counter
-    print
-
-
-def save_to_file(tbl_header, dictionary, filename_out):
-    """ Show summary of statistics of PCAP file
-        Args:
-            tbl_header: header for the saved table
-            dictionary: dictionary to be saved
-            filename_out: file name to save
-    """
-    # Appending, not overwriting!
-    f = open(filename_out, 'a')
-    # Write the table header
-    f.write("\n\n" + str(tbl_header) + "\n");
-    # Iterate over dictionary and write (key, value) pairs
-    for key, value in dictionary.iteritems():
-        f.write(str(key) + ", " + str(value) + "\n")
-
-    f.close()
-    print "Writing output to file: ", filename_out
-
-
-def statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter):
-    """ This is the default analysis of packet statistics (generic)
-        Args:
-            verbose: verbose output (True/False)
-            pcap: object that handles PCAP file content
-            counter: counter of all packets
-            ip_counter: counter of all IP packets
-            tcp_counter: counter of all TCP packets
-            udp_counter: counter of all UDP packets
-    """
-    for time_stamp, packet in pcap:
-
-        counter += 1
-        eth = dpkt.ethernet.Ethernet(packet)
-
-        if verbose:
-            # Print out the timestamp in UTC
-            print "Timestamp: ", str(datetime.datetime.utcfromtimestamp(time_stamp))
-            # Print out the MAC addresses
-            print "Ethernet frame: ", mac_addr(eth.src), mac_addr(eth.dst), eth.data.__class__.__name__
-
-        # Process only IP data
-        if not isinstance(eth.data, dpkt.ip.IP):
-
-            is_ip = False
-            if verbose:
-                print "Non IP packet type not analyzed... skipping..."
-        else:
-            is_ip = True
-
-        if is_ip:
-            ip = eth.data
-            ip_counter += 1
-
-            # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
-            do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
-            more_fragments = bool(ip.off & dpkt.ip.IP_MF)
-            fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
-
-            if verbose:
-                # Print out the complete IP information
-                print "IP: %s -> %s   (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
-                    (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment, 
-                     more_fragments, fragment_offset)
-
-            # Count TCP packets
-            if ip.p == dpkt.ip.IP_PROTO_TCP:  
-                tcp_counter += 1
-
-            # Count UDP packets
-            if ip.p == dpkt.ip.IP_PROTO_UDP:
-                udp_counter += 1
-
-        show_progress(verbose, counter)
-
-    # Print general statistics
-    show_summary(counter, ip_counter, tcp_counter, udp_counter)
-
-
-def point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter, 
-        tcp_counter, udp_counter):
-    """ This analysis presents how 1 device (MAC address or IP address) communicates
-        to every other device in the analyzed PCAP file.
-        Args:
-            dev_add: device address (MAC or IP address)
-            verbose: verbose output (True/False)
-            pcap: object that handles PCAP file content
-            counter: counter of all packets
-            ip_counter: counter of all IP packets
-            tcp_counter: counter of all TCP packets
-            udp_counter: counter of all UDP packets
-    """
-    # Dictionary that preserves the mapping between destination address to frequency
-    mac2freq = dict()
-    ip2freq = dict()
-    for time_stamp, packet in pcap:
-
-        counter += 1
-        eth = dpkt.ethernet.Ethernet(packet)
-
-        # Save the timestamp and MAC addresses
-        tstamp = str(datetime.datetime.utcfromtimestamp(time_stamp))
-        mac_src = mac_addr(eth.src)
-        mac_dst = mac_addr(eth.dst)
-
-        # Process only IP data
-        if not isinstance(eth.data, dpkt.ip.IP):
-
-            is_ip = False
-            if verbose:
-                print "Non IP packet type not analyzed... skipping..."
-                print 
-        else:
-            is_ip = True
-
-        if is_ip:
-            ip = eth.data
-            ip_counter += 1
-
-            # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
-            do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
-            more_fragments = bool(ip.off & dpkt.ip.IP_MF)
-            fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
-            
-            # Save IP addresses
-            ip_src = inet_to_str(ip.src)
-            ip_dst = inet_to_str(ip.dst)
-
-            if verbose:
-                # Print out the complete IP information
-                print "IP: %s -> %s   (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
-                    (ip_src, ip_dst, ip.len, ip.ttl, do_not_fragment, 
-                     more_fragments, fragment_offset)
-
-            # Categorize packets based on source device address
-            # Save the destination device addresses (point-to-many)
-            if dev_add == ip_src:
-                if ip_dst in ip2freq:
-                    freq = ip2freq[ip_dst]
-                    ip2freq[ip_dst] = freq + 1
-                else:
-                    ip2freq[ip_dst] = 1
-
-            if dev_add == mac_src:
-                if mac_dst in ip2freq:
-                    freq = mac2freq[mac_dst]
-                    mac2freq[mac_dst] = freq + 1
-                else:
-                    mac2freq[mac_dst] = 1
-
-            # Count TCP packets
-            if ip.p == dpkt.ip.IP_PROTO_TCP:  
-                tcp_counter += 1
-
-            # Count UDP packets
-            if ip.p == dpkt.ip.IP_PROTO_UDP:
-                udp_counter += 1
-
-        show_progress(verbose, counter)
-
-    # Print general statistics
-    show_summary(counter, ip_counter, tcp_counter, udp_counter)
-    # Save results into file if filename_out is not empty
-    if not filename_out == "":
-        print "Saving results into file: ", filename_out
-        ip_tbl_header = "Point-to-many Analysis - IP destinations for " + dev_add
-        mac_tbl_header = "Point-to-many Analysis - MAC destinations for " + dev_add
-        save_to_file(ip_tbl_header, ip2freq, filename_out)
-        save_to_file(mac_tbl_header, mac2freq, filename_out)
-    else:
-        print "Output file name is not specified... exitting now!"
-
-
-def parse_cli_args(argv):
-    """ Parse command line arguments and store them in a dictionary
-        Args:
-            argv: list of command line arguments and their values
-        Returns:
-            str: dictionary that maps arguments to their values
-    """
-    options = dict()
-    # First argument is "CAPture.py", so skip it
-    argv = argv[1:]
-    # Loop and collect arguments and their values
-    while argv:
-        print "Examining argument: ", argv[0]
-        # Check the first character of each argv list
-        # If it is a '-' then it is a command line argument
-        if argv[0][0] == '-':
-            if argv[0] == VERBOSE:
-                # We don't have value for the argument VERBOSE
-                options[argv[0]] = argv[0]
-                # Remove one command line argument and its value
-                argv = argv[1:]
-            else:
-                options[argv[0]] = argv[1]
-                # Remove one command line argument and its value
-                argv = argv[2:]
-
-    return options
-
-
-""" -----------------------------------------------------------------------------
-    Main Running Methods
-    -----------------------------------------------------------------------------
-""" 
-def main():
-    # Variable declarations
-    global CAP_EXTENSION
-    global PCAP_EXTENSION
-    global VERBOSE
-    global POINT_TO_MANY
-
-    # Counters
-    counter = 0
-    ip_counter = 0
-    tcp_counter = 0
-    udp_counter = 0
-    # Booleans as flags
-    verbose = False
-    is_ip = True
-    is_statistical_analysis = True
-    is_point_to_many_analysis = False
-    # Names
-    filename_in = ""
-    filename_out = ""
-    dev_add = ""
-
-    # Welcome message
-    print
-    print "Welcome to CAPture version 1.0 - A PCAP file instant analyzer!"
-
-    # Get file name from user input
-    # Show usage if file name is not specified (only accept 1 file name for now)
-    if len(sys.argv) < 2:
-        show_usage()
-        print
-        return
-
-    # Check and process sys.argv
-    options = parse_cli_args(sys.argv)
-    for key, value in options.iteritems():
-        # Process "-i" - input PCAP file
-        if key == INPUT:
-            filename_in = value
-        elif key == OUTPUT:
-            filename_out = value
-        elif key == VERBOSE:
-            verbose = True
-        elif key == POINT_TO_MANY:
-            is_statistical_analysis = False
-            is_point_to_many_analysis = True
-            dev_add = value
-
-    # Show manual again if input is not correct
-    if filename_in == "":
-        print "File name is empty!"
-        print
-        show_usage()
-        print
-        return
-
-    # dev_add is needed for these analyses
-    if is_point_to_many_analysis and dev_add == "":
-        print "Device address is empty!"
-        print
-        show_usage()
-        print
-        return
-
-    # One PCAP file name is specified - now analyze!
-    print "Analyzing PCAP file: ", filename_in
-
-    # Opening and analyzing PCAP file
-    f = open(filename_in,'rb')
-    pcap = dpkt.pcap.Reader(f)
-
-    # Choose from the existing options
-    if is_statistical_analysis:
-        statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter)
-    elif is_point_to_many_analysis:
-        point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter, 
-                               tcp_counter, udp_counter)
-
-
-if __name__ == "__main__":
-    # call main function since this is being run as the start
-    main()
-
-
diff --git a/base_gefx_generator.py b/base_gefx_generator.py
deleted file mode 100644 (file)
index 703fe45..0000000
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/python
-
-"""
-Script that constructs a graph in which hosts are nodes.
-An edge between two hosts indicate that the hosts communicate.
-Hosts are labeled and identified by their IPs.
-The graph is written to a file in Graph Exchange XML format for later import and visual inspection in Gephi.
-
-The input to this script is the JSON output by extract_from_tshark.py by Anastasia Shuba.
-
-This script is a simplification of Milad Asgari's parser_data_to_gephi.py script.
-It serves as a baseline for future scripts that want to include more information in the graph.
-"""
-
-import socket
-import json
-import tldextract
-import networkx as nx
-import sys
-from decimal import *
-
-import parse_dns
-
-JSON_KEY_ETH_SRC = "eth.src"
-JSON_KEY_ETH_DST = "eth.dst"
-
-def parse_json(file_path):
-
-    device_dns_mappings = parse_dns.parse_json_dns("./dns.json")
-
-    # Init empty graph
-    G = nx.DiGraph() 
-    with open(file_path) as jf:
-        # Read JSON.
-        # data becomes reference to root JSON object (or in our case json array)
-        data = json.load(jf)
-        # Loop through json objects in data
-        for k in data:
-            # Fetch timestamp of packet
-            packet_timestamp = Decimal(data[k]["ts"])
-            # Fetch eth source and destination info
-            eth_src = data[k][JSON_KEY_ETH_SRC]
-            eth_dst = data[k][JSON_KEY_ETH_DST]
-            # Traffic can be both outbound and inbound.
-            # Determine which one of the two by looking up device MAC in DNS map.
-            iot_device = None
-            if eth_src in device_dns_mappings:
-                iot_device = eth_src
-            elif eth_dst in device_dns_mappings:
-                iot_device = eth_dst
-            else:
-                print "[ WARNING: DNS mapping not found for device with MAC", eth_src, "OR", eth_dst, "]"
-                # This must be local communication between two IoT devices OR an IoT device talking to a hardcoded IP.
-                # For now let's assume local communication.
-                # Add a node for each device and an edge between them.
-                G.add_node(eth_src)
-                G.add_node(eth_dst)
-                G.add_edge(eth_src, eth_dst)
-                # TODO add regex check on src+dst IP to figure out if hardcoded server IP (e.g. check if one of the two are NOT a 192.168.x.y IP)
-                continue
-            # It is outbound traffic if iot_device matches src, otherwise it must be inbound traffic.
-            outbound_traffic = iot_device == eth_src
-
-            ''' Graph construction '''
-            # No need to check if the Nodes and/or Edges we add already exist:
-            # NetworkX won't add already existing nodes/edges (except in the case of a MultiGraph or MultiDiGraph (see NetworkX doc)).
-            
-            # Add a node for each host.
-            # First add node for IoT device.
-            G.add_node(iot_device)
-            # Then add node for the server.
-            # For this we need to distinguish between outbound and inbound traffic so that we look up the proper IP in our DNS map.
-            # For outbound traffic, the server's IP is the destination IP.
-            # For inbound traffic, the server's IP is the source IP.
-            server_ip = data[k]["dst_ip"] if outbound_traffic else data[k]["src_ip"]
-            hostname = device_dns_mappings[iot_device].hostname_for_ip_at_time(server_ip, packet_timestamp)
-            if hostname is None:
-                # TODO this can occur when two local devices communicate OR if IoT device has hardcoded server IP.
-                # However, we only get here for the DNS that have not performed any DNS lookups
-                # We should use a regex check early in the loop to see if it is two local devices communicating.
-                # This way we would not have to consider these corner cases later on.
-                print "[ WARNING: no ip-hostname mapping found for ip", server_ip, " -- adding eth.src->eth.dst edge, but note that this may be incorrect if IoT device has hardcoded server IP ]"
-                G.add_node(eth_src)
-                G.add_node(eth_dst)
-                G.add_edge(eth_src, eth_dst)
-                continue
-            G.add_node(hostname)
-            # Connect the two nodes we just added.
-            if outbound_traffic:
-                G.add_edge(iot_device, hostname)
-            else:
-                G.add_edge(hostname, iot_device)
-    return G
-
-# ------------------------------------------------------
-# Not currently used.
-# Might be useful later on if we wish to resolve IPs.
-def get_domain(host):
-    ext_result = tldextract.extract(str(host))
-    # Be consistent with ReCon and keep suffix
-    domain = ext_result.domain + "." + ext_result.suffix
-    return domain
-
-def is_IP(addr):
-    try:
-        socket.inet_aton(addr)
-        return True
-    except socket.error:
-        return False
-# ------------------------------------------------------
-
-if __name__ == '__main__':
-    if len(sys.argv) < 3:
-        print "Usage:", sys.argv[0], "input_file output_file"
-        print "outfile_file should end in .gexf"
-        sys.exit(0)
-    # Input file: Path to JSON file generated from tshark JSON output using Anastasia's script (extract_from_tshark.py).
-    input_file = sys.argv[1]
-    print "[ input_file  =", input_file, "]"
-    # Output file: Path to file where the Gephi XML should be written.
-    output_file = sys.argv[2]
-    print "[ output_file =", output_file, "]"
-    # Construct graph from JSON
-    G = parse_json(input_file)
-    # Write Graph in Graph Exchange XML format
-    nx.write_gexf(G, output_file)
diff --git a/dns.json b/dns.json
deleted file mode 100644 (file)
index 43f3eb5..0000000
--- a/dns.json
+++ /dev/null
@@ -1,40632 +0,0 @@
-[
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508458071.560156000",
-          "frame.time_delta": "1.053360000",
-          "frame.time_delta_displayed": "0.000000000",
-          "frame.time_relative": "359.154952000",
-          "frame.number": "380",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x0000c5d4",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000f2e8",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "35041",
-          "udp.dstport": "53",
-          "udp.port": "35041",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x0000d04f",
-          "udp.checksum.status": "2",
-          "udp.stream": "19"
-        },
-        "dns": {
-          "dns.response_in": "381",
-          "dns.id": "0x00000487",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508458071.597999000",
-          "frame.time_delta": "0.037843000",
-          "frame.time_delta_displayed": "0.037843000",
-          "frame.time_relative": "359.192795000",
-          "frame.number": "381",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x00001e6a",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000989e",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "35041",
-          "udp.port": "53",
-          "udp.port": "35041",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "19"
-        },
-        "dns": {
-          "dns.response_to": "380",
-          "dns.time": "0.037843000",
-          "dns.id": "0x00000487",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "115",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "13313",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "485",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3795",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2515",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.229"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3016",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.229"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3200",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.241"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2106",
-              "dns.resp.len": "4",
-              "dns.a": "204.1.137.41"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3857",
-              "dns.resp.len": "4",
-              "dns.a": "204.1.137.33"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3654",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.95"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3718",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.239"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2491",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508458971.607393000",
-          "frame.time_delta": "4.029605000",
-          "frame.time_delta_displayed": "900.009394000",
-          "frame.time_relative": "1259.202189000",
-          "frame.number": "1239",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x00000103",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000b7ba",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "57902",
-          "udp.dstport": "53",
-          "udp.port": "57902",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x00007701",
-          "udp.checksum.status": "2",
-          "udp.stream": "36"
-        },
-        "dns": {
-          "dns.response_in": "1240",
-          "dns.id": "0x00000488",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508458971.678853000",
-          "frame.time_delta": "0.071460000",
-          "frame.time_delta_displayed": "0.071460000",
-          "frame.time_relative": "1259.273649000",
-          "frame.number": "1240",
-          "frame.len": "467",
-          "frame.cap_len": "467",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "453",
-          "ip.id": "0x00004f7c",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x000067ba",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "57902",
-          "udp.port": "53",
-          "udp.port": "57902",
-          "udp.length": "433",
-          "udp.checksum": "0x000083b4",
-          "udp.checksum.status": "2",
-          "udp.stream": "36"
-        },
-        "dns": {
-          "dns.response_to": "1239",
-          "dns.time": "0.071460000",
-          "dns.id": "0x00000488",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "8",
-          "dns.count.add_rr": "8",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "115",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "12413",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "587",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2895",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1615",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.229"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2116",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.229"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2300",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.241"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1206",
-              "dns.resp.len": "4",
-              "dns.a": "204.1.137.41"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2957",
-              "dns.resp.len": "4",
-              "dns.a": "204.1.137.33"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2754",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.95"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2818",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.239"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.045476000",
-          "frame.time_delta": "1.106645000",
-          "frame.time_delta_displayed": "631.366623000",
-          "frame.time_relative": "1890.640272000",
-          "frame.number": "1873",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x00001f1b",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000999f",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "44067",
-          "udp.dstport": "53",
-          "udp.port": "44067",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x00001491",
-          "udp.checksum.status": "2",
-          "udp.stream": "51"
-        },
-        "dns": {
-          "dns.response_in": "1874",
-          "dns.id": "0x00000489",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.047090000",
-          "frame.time_delta": "0.001614000",
-          "frame.time_delta_displayed": "0.001614000",
-          "frame.time_relative": "1890.641886000",
-          "frame.number": "1874",
-          "frame.len": "137",
-          "frame.cap_len": "137",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "123",
-          "ip.id": "0x00002b52",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00008d2e",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "44067",
-          "udp.port": "53",
-          "udp.port": "44067",
-          "udp.length": "103",
-          "udp.checksum": "0x0000826a",
-          "udp.checksum.status": "2",
-          "udp.stream": "51"
-        },
-        "dns": {
-          "dns.response_to": "1873",
-          "dns.time": "0.001614000",
-          "dns.id": "0x00000489",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "1",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Authoritative nameservers": {
-            "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "6",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "643",
-              "dns.resp.len": "46",
-              "dns.soa.mname": "ns1.ext.philips.com",
-              "dns.soa.rname": "ddi-authority.philips.com",
-              "dns.soa.serial_number": "387",
-              "dns.soa.refresh_interval": "1200",
-              "dns.soa.retry_interval": "300",
-              "dns.soa.expire_limit": "1209600",
-              "dns.soa.mininum_ttl": "3600"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.048272000",
-          "frame.time_delta": "0.001182000",
-          "frame.time_delta_displayed": "0.001182000",
-          "frame.time_relative": "1890.643068000",
-          "frame.number": "1875",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x00001f1c",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000999e",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "51510",
-          "udp.dstport": "53",
-          "udp.port": "51510",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x0000127d",
-          "udp.checksum.status": "2",
-          "udp.stream": "52"
-        },
-        "dns": {
-          "dns.response_in": "1876",
-          "dns.id": "0x0000048a",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.049516000",
-          "frame.time_delta": "0.001244000",
-          "frame.time_delta_displayed": "0.001244000",
-          "frame.time_relative": "1890.644312000",
-          "frame.number": "1876",
-          "frame.len": "285",
-          "frame.cap_len": "285",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "271",
-          "ip.id": "0x00002b53",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00008c99",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "51510",
-          "udp.port": "53",
-          "udp.port": "51510",
-          "udp.length": "251",
-          "udp.checksum": "0x000082fe",
-          "udp.checksum.status": "2",
-          "udp.stream": "52"
-        },
-        "dns": {
-          "dns.response_to": "1875",
-          "dns.time": "0.001244000",
-          "dns.id": "0x0000048a",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "1",
-          "dns.count.auth_rr": "3",
-          "dns.count.add_rr": "6",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
-              "dns.resp.name": "dcp.cpp.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "644",
-              "dns.resp.len": "4",
-              "dns.a": "5.79.62.93"
-            }
-          },
-          "Authoritative nameservers": {
-            "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "644",
-              "dns.resp.len": "10",
-              "dns.ns": "ns1.ext.philips.com"
-            },
-            "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "644",
-              "dns.resp.len": "6",
-              "dns.ns": "ns2.ext.philips.com"
-            },
-            "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "644",
-              "dns.resp.len": "6",
-              "dns.ns": "ns3.ext.philips.com"
-            }
-          },
-          "Additional records": {
-            "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
-              "dns.resp.name": "ns1.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "155007",
-              "dns.resp.len": "4",
-              "dns.a": "57.67.40.20"
-            },
-            "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
-              "dns.resp.name": "ns2.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3438",
-              "dns.resp.len": "4",
-              "dns.a": "57.77.21.76"
-            },
-            "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
-              "dns.resp.name": "ns3.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3438",
-              "dns.resp.len": "4",
-              "dns.a": "57.73.36.68"
-            },
-            "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
-              "dns.resp.name": "ns1.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "158626",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
-            },
-            "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
-              "dns.resp.name": "ns2.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "151199",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
-            },
-            "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
-              "dns.resp.name": "ns3.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "151199",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.470381000",
-          "frame.time_delta": "0.000880000",
-          "frame.time_delta_displayed": "0.420865000",
-          "frame.time_relative": "1891.065177000",
-          "frame.number": "1892",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x00001f22",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00009998",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "44843",
-          "udp.dstport": "53",
-          "udp.port": "44843",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x00001187",
-          "udp.checksum.status": "2",
-          "udp.stream": "53"
-        },
-        "dns": {
-          "dns.response_in": "1893",
-          "dns.id": "0x0000048b",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.470880000",
-          "frame.time_delta": "0.000499000",
-          "frame.time_delta_displayed": "0.000499000",
-          "frame.time_relative": "1891.065676000",
-          "frame.number": "1893",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x00002b76",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00008d44",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "44843",
-          "udp.port": "53",
-          "udp.port": "44843",
-          "udp.length": "45",
-          "udp.checksum": "0x00008230",
-          "udp.checksum.status": "2",
-          "udp.stream": "53"
-        },
-        "dns": {
-          "dns.response_to": "1892",
-          "dns.time": "0.000499000",
-          "dns.id": "0x0000048b",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.471684000",
-          "frame.time_delta": "0.000804000",
-          "frame.time_delta_displayed": "0.000804000",
-          "frame.time_relative": "1891.066480000",
-          "frame.number": "1894",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x00001f23",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00009997",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "40021",
-          "udp.dstport": "53",
-          "udp.port": "40021",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x00003f5c",
-          "udp.checksum.status": "2",
-          "udp.stream": "54"
-        },
-        "dns": {
-          "dns.response_in": "1895",
-          "dns.id": "0x0000048c",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459603.472192000",
-          "frame.time_delta": "0.000508000",
-          "frame.time_delta_displayed": "0.000508000",
-          "frame.time_relative": "1891.066988000",
-          "frame.number": "1895",
-          "frame.len": "95",
-          "frame.cap_len": "95",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "81",
-          "ip.id": "0x00002b77",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00008d33",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "40021",
-          "udp.port": "53",
-          "udp.port": "40021",
-          "udp.length": "61",
-          "udp.checksum": "0x00008240",
-          "udp.checksum.status": "2",
-          "udp.stream": "54"
-        },
-        "dns": {
-          "dns.response_to": "1894",
-          "dns.time": "0.000508000",
-          "dns.id": "0x0000048c",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "1",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
-              "dns.resp.name": "dcp.cpp.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "644",
-              "dns.resp.len": "4",
-              "dns.a": "5.79.62.93"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459871.689099000",
-          "frame.time_delta": "0.145237000",
-          "frame.time_delta_displayed": "268.216907000",
-          "frame.time_relative": "2159.283895000",
-          "frame.number": "2153",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x000053f4",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x000064c9",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "49510",
-          "udp.dstport": "53",
-          "udp.port": "49510",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x000097c4",
-          "udp.checksum.status": "2",
-          "udp.stream": "60"
-        },
-        "dns": {
-          "dns.response_in": "2154",
-          "dns.id": "0x0000048d",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508459871.695550000",
-          "frame.time_delta": "0.006451000",
-          "frame.time_delta_displayed": "0.006451000",
-          "frame.time_relative": "2159.290346000",
-          "frame.number": "2154",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x0000851c",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x000031ec",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "49510",
-          "udp.port": "53",
-          "udp.port": "49510",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "60"
-        },
-        "dns": {
-          "dns.response_to": "2153",
-          "dns.time": "0.006451000",
-          "dns.id": "0x0000048d",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "141",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "13111",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2774",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "294",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "4838",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.240"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "7614",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.89"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3676",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.90"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "4084",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.94"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "4641",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.244"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "218",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.246"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2322",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.232"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "4774",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508460771.705423000",
-          "frame.time_delta": "3.937809000",
-          "frame.time_delta_displayed": "900.009873000",
-          "frame.time_relative": "3059.300219000",
-          "frame.number": "2958",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x0000b28e",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000062f",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "59344",
-          "udp.dstport": "53",
-          "udp.port": "59344",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x00007159",
-          "udp.checksum.status": "2",
-          "udp.stream": "72"
-        },
-        "dns": {
-          "dns.response_in": "2959",
-          "dns.id": "0x0000048e",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508460771.715857000",
-          "frame.time_delta": "0.010434000",
-          "frame.time_delta_displayed": "0.010434000",
-          "frame.time_relative": "3059.310653000",
-          "frame.number": "2959",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x0000ca5c",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000ecab",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "59344",
-          "udp.port": "53",
-          "udp.port": "59344",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "72"
-        },
-        "dns": {
-          "dns.response_to": "2958",
-          "dns.time": "0.010434000",
-          "dns.id": "0x0000048e",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "116",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "10613",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2787",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1095",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "7816",
-              "dns.resp.len": "4",
-              "dns.a": "184.51.200.159"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "316",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.229"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "500",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.241"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "5409",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.244"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1157",
-              "dns.resp.len": "4",
-              "dns.a": "204.1.137.33"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "954",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.95"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1018",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.239"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "5792",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508461671.725149000",
-          "frame.time_delta": "2.951813000",
-          "frame.time_delta_displayed": "900.009292000",
-          "frame.time_relative": "3959.319945000",
-          "frame.number": "3816",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x0000ba5a",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000fe62",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "34709",
-          "udp.dstport": "53",
-          "udp.port": "34709",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x0000d193",
-          "udp.checksum.status": "2",
-          "udp.stream": "84"
-        },
-        "dns": {
-          "dns.response_in": "3817",
-          "dns.id": "0x0000048f",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:07:51.735281000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508461671.735281000",
-          "frame.time_delta": "0.010132000",
-          "frame.time_delta_displayed": "0.010132000",
-          "frame.time_relative": "3959.330077000",
-          "frame.number": "3817",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x00004a90",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00006c78",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "34709",
-          "udp.port": "53",
-          "udp.port": "34709",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "84"
-        },
-        "dns": {
-          "dns.response_to": "3816",
-          "dns.time": "0.010132000",
-          "dns.id": "0x0000048f",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "142",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "11311",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "974",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2496",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3038",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.240"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "5814",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.89"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1876",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.90"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2284",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.94"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2841",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.244"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2419",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.93"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "522",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.232"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2974",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508461976.852097000",
-          "frame.time_delta": "3.045152000",
-          "frame.time_delta_displayed": "305.116816000",
-          "frame.time_relative": "4264.446893000",
-          "frame.number": "5571",
-          "frame.len": "83",
-          "frame.cap_len": "83",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "69",
-          "ip.id": "0x0000f879",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000c03c",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "46881",
-          "udp.dstport": "53",
-          "udp.port": "46881",
-          "udp.port": "53",
-          "udp.length": "49",
-          "udp.checksum": "0x0000d1bd",
-          "udp.checksum.status": "2",
-          "udp.stream": "89"
-        },
-        "dns": {
-          "dns.response_in": "5572",
-          "dns.id": "0x00000490",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "diagnostics.meethue.com: type A, class IN": {
-              "dns.qry.name": "diagnostics.meethue.com",
-              "dns.qry.name.len": "23",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508461976.936468000",
-          "frame.time_delta": "0.084371000",
-          "frame.time_delta_displayed": "0.084371000",
-          "frame.time_relative": "4264.531264000",
-          "frame.number": "5572",
-          "frame.len": "297",
-          "frame.cap_len": "297",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "283",
-          "ip.id": "0x00008c6e",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00002b72",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "46881",
-          "udp.port": "53",
-          "udp.port": "46881",
-          "udp.length": "263",
-          "udp.checksum": "0x0000830a",
-          "udp.checksum.status": "2",
-          "udp.stream": "89"
-        },
-        "dns": {
-          "dns.response_to": "5571",
-          "dns.time": "0.084371000",
-          "dns.id": "0x00000490",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "1",
-          "dns.count.auth_rr": "3",
-          "dns.count.add_rr": "6",
-          "Queries": {
-            "diagnostics.meethue.com: type A, class IN": {
-              "dns.qry.name": "diagnostics.meethue.com",
-              "dns.qry.name.len": "23",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
-              "dns.resp.name": "diagnostics.meethue.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "300",
-              "dns.resp.len": "4",
-              "dns.a": "130.211.67.12"
-            }
-          },
-          "Authoritative nameservers": {
-            "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
-              "dns.resp.name": "meethue.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3600",
-              "dns.resp.len": "18",
-              "dns.ns": "ns2.ext.philips.com"
-            },
-            "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
-              "dns.resp.name": "meethue.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3600",
-              "dns.resp.len": "6",
-              "dns.ns": "ns3.ext.philips.com"
-            },
-            "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
-              "dns.resp.name": "meethue.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3600",
-              "dns.resp.len": "6",
-              "dns.ns": "ns1.ext.philips.com"
-            }
-          },
-          "Additional records": {
-            "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
-              "dns.resp.name": "ns1.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "172800",
-              "dns.resp.len": "4",
-              "dns.a": "57.67.40.20"
-            },
-            "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
-              "dns.resp.name": "ns2.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "172800",
-              "dns.resp.len": "4",
-              "dns.a": "57.77.21.76"
-            },
-            "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
-              "dns.resp.name": "ns3.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "172800",
-              "dns.resp.len": "4",
-              "dns.a": "57.73.36.68"
-            },
-            "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
-              "dns.resp.name": "ns1.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2611",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
-            },
-            "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
-              "dns.resp.name": "ns2.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "62777",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
-            },
-            "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
-              "dns.resp.name": "ns3.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "62777",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508462571.746902000",
-          "frame.time_delta": "2.037142000",
-          "frame.time_delta_displayed": "594.810434000",
-          "frame.time_relative": "4859.341698000",
-          "frame.number": "6175",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x0000f884",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000c038",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "54444",
-          "udp.dstport": "53",
-          "udp.port": "54444",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x0000847a",
-          "udp.checksum.status": "2",
-          "udp.stream": "97"
-        },
-        "dns": {
-          "dns.response_in": "6176",
-          "dns.id": "0x00000491",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508462571.772932000",
-          "frame.time_delta": "0.026030000",
-          "frame.time_delta_displayed": "0.026030000",
-          "frame.time_relative": "4859.367728000",
-          "frame.number": "6176",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x00004cfa",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00006a0e",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "54444",
-          "udp.port": "53",
-          "udp.port": "54444",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "97"
-        },
-        "dns": {
-          "dns.response_to": "6175",
-          "dns.time": "0.026030000",
-          "dns.id": "0x00000491",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "116",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "8813",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "987",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3296",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "6016",
-              "dns.resp.len": "4",
-              "dns.a": "184.51.200.159"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "6518",
-              "dns.resp.len": "4",
-              "dns.a": "96.17.70.188"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2701",
-              "dns.resp.len": "4",
-              "dns.a": "96.17.70.190"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3609",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.244"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "7358",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.89"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3156",
-              "dns.resp.len": "4",
-              "dns.a": "184.51.200.166"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "5219",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.92"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3992",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463201.624384000",
-          "frame.time_delta": "0.266457000",
-          "frame.time_delta_displayed": "629.851452000",
-          "frame.time_relative": "5489.219180000",
-          "frame.number": "6744",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x0000bf31",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000f988",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "37292",
-          "udp.dstport": "53",
-          "udp.port": "37292",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x00002eff",
-          "udp.checksum.status": "2",
-          "udp.stream": "102"
-        },
-        "dns": {
-          "dns.response_in": "6745",
-          "dns.id": "0x00000492",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463201.626468000",
-          "frame.time_delta": "0.002084000",
-          "frame.time_delta_displayed": "0.002084000",
-          "frame.time_relative": "5489.221264000",
-          "frame.number": "6745",
-          "frame.len": "137",
-          "frame.cap_len": "137",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "123",
-          "ip.id": "0x00003f71",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000790f",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "37292",
-          "udp.port": "53",
-          "udp.port": "37292",
-          "udp.length": "103",
-          "udp.checksum": "0x0000826a",
-          "udp.checksum.status": "2",
-          "udp.stream": "102"
-        },
-        "dns": {
-          "dns.response_to": "6744",
-          "dns.time": "0.002084000",
-          "dns.id": "0x00000492",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "1",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Authoritative nameservers": {
-            "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "6",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3220",
-              "dns.resp.len": "46",
-              "dns.soa.mname": "ns1.ext.philips.com",
-              "dns.soa.rname": "ddi-authority.philips.com",
-              "dns.soa.serial_number": "387",
-              "dns.soa.refresh_interval": "1200",
-              "dns.soa.retry_interval": "300",
-              "dns.soa.expire_limit": "1209600",
-              "dns.soa.mininum_ttl": "3600"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463201.627301000",
-          "frame.time_delta": "0.000833000",
-          "frame.time_delta_displayed": "0.000833000",
-          "frame.time_relative": "5489.222097000",
-          "frame.number": "6746",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x0000bf32",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000f987",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "54874",
-          "udp.dstport": "53",
-          "udp.port": "54874",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x00000550",
-          "udp.checksum.status": "2",
-          "udp.stream": "103"
-        },
-        "dns": {
-          "dns.response_in": "6747",
-          "dns.id": "0x00000493",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463201.628812000",
-          "frame.time_delta": "0.001511000",
-          "frame.time_delta_displayed": "0.001511000",
-          "frame.time_relative": "5489.223608000",
-          "frame.number": "6747",
-          "frame.len": "285",
-          "frame.cap_len": "285",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "271",
-          "ip.id": "0x00003f72",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000787a",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "54874",
-          "udp.port": "53",
-          "udp.port": "54874",
-          "udp.length": "251",
-          "udp.checksum": "0x000082fe",
-          "udp.checksum.status": "2",
-          "udp.stream": "103"
-        },
-        "dns": {
-          "dns.response_to": "6746",
-          "dns.time": "0.001511000",
-          "dns.id": "0x00000493",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "1",
-          "dns.count.auth_rr": "3",
-          "dns.count.add_rr": "6",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
-              "dns.resp.name": "dcp.cpp.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2985",
-              "dns.resp.len": "4",
-              "dns.a": "5.79.62.93"
-            }
-          },
-          "Authoritative nameservers": {
-            "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "413",
-              "dns.resp.len": "10",
-              "dns.ns": "ns1.ext.philips.com"
-            },
-            "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "413",
-              "dns.resp.len": "6",
-              "dns.ns": "ns2.ext.philips.com"
-            },
-            "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "413",
-              "dns.resp.len": "6",
-              "dns.ns": "ns3.ext.philips.com"
-            }
-          },
-          "Additional records": {
-            "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
-              "dns.resp.name": "ns1.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "171575",
-              "dns.resp.len": "4",
-              "dns.a": "57.67.40.20"
-            },
-            "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
-              "dns.resp.name": "ns2.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "171575",
-              "dns.resp.len": "4",
-              "dns.a": "57.77.21.76"
-            },
-            "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
-              "dns.resp.name": "ns3.ext.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "171575",
-              "dns.resp.len": "4",
-              "dns.a": "57.73.36.68"
-            },
-            "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
-              "dns.resp.name": "ns1.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1386",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
-            },
-            "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
-              "dns.resp.name": "ns2.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "61552",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
-            },
-            "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
-              "dns.resp.name": "ns3.ext.philips.com",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "61552",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463202.044352000",
-          "frame.time_delta": "0.001668000",
-          "frame.time_delta_displayed": "0.415540000",
-          "frame.time_relative": "5489.639148000",
-          "frame.number": "6763",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x0000bf41",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000f978",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "55176",
-          "udp.dstport": "53",
-          "udp.port": "55176",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x0000e920",
-          "udp.checksum.status": "2",
-          "udp.stream": "104"
-        },
-        "dns": {
-          "dns.response_in": "6764",
-          "dns.id": "0x00000494",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463202.044953000",
-          "frame.time_delta": "0.000601000",
-          "frame.time_delta_displayed": "0.000601000",
-          "frame.time_relative": "5489.639749000",
-          "frame.number": "6764",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x00003f96",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00007924",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "55176",
-          "udp.port": "53",
-          "udp.port": "55176",
-          "udp.length": "45",
-          "udp.checksum": "0x00008230",
-          "udp.checksum.status": "2",
-          "udp.stream": "104"
-        },
-        "dns": {
-          "dns.response_to": "6763",
-          "dns.time": "0.000601000",
-          "dns.id": "0x00000494",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463202.045769000",
-          "frame.time_delta": "0.000816000",
-          "frame.time_delta_displayed": "0.000816000",
-          "frame.time_relative": "5489.640565000",
-          "frame.number": "6765",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x0000bf42",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000f977",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "60660",
-          "udp.dstport": "53",
-          "udp.port": "60660",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x0000eeb3",
-          "udp.checksum.status": "2",
-          "udp.stream": "105"
-        },
-        "dns": {
-          "dns.response_in": "6766",
-          "dns.id": "0x00000495",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463202.046379000",
-          "frame.time_delta": "0.000610000",
-          "frame.time_delta_displayed": "0.000610000",
-          "frame.time_relative": "5489.641175000",
-          "frame.number": "6766",
-          "frame.len": "95",
-          "frame.cap_len": "95",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "81",
-          "ip.id": "0x00003f97",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00007913",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "60660",
-          "udp.port": "53",
-          "udp.port": "60660",
-          "udp.length": "61",
-          "udp.checksum": "0x00008240",
-          "udp.checksum.status": "2",
-          "udp.stream": "105"
-        },
-        "dns": {
-          "dns.response_to": "6765",
-          "dns.time": "0.000610000",
-          "dns.id": "0x00000495",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "1",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
-              "dns.resp.name": "dcp.cpp.philips.com",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2984",
-              "dns.resp.len": "4",
-              "dns.a": "5.79.62.93"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463471.778249000",
-          "frame.time_delta": "3.324074000",
-          "frame.time_delta_displayed": "269.731870000",
-          "frame.time_relative": "5759.373045000",
-          "frame.number": "7048",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x00001dd7",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00009ae6",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "36809",
-          "udp.dstport": "53",
-          "udp.port": "36809",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x0000c958",
-          "udp.checksum.status": "2",
-          "udp.stream": "113"
-        },
-        "dns": {
-          "dns.response_in": "7049",
-          "dns.id": "0x00000496",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508463471.799436000",
-          "frame.time_delta": "0.021187000",
-          "frame.time_delta_displayed": "0.021187000",
-          "frame.time_relative": "5759.394232000",
-          "frame.number": "7049",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x0000431d",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x000073eb",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "36809",
-          "udp.port": "53",
-          "udp.port": "36809",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "113"
-        },
-        "dns": {
-          "dns.response_to": "7048",
-          "dns.time": "0.021187000",
-          "dns.id": "0x00000496",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "116",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "7913",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "87",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2396",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "5116",
-              "dns.resp.len": "4",
-              "dns.a": "184.51.200.159"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "5618",
-              "dns.resp.len": "4",
-              "dns.a": "96.17.70.188"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1801",
-              "dns.resp.len": "4",
-              "dns.a": "96.17.70.190"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2709",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.244"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "6458",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.89"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2256",
-              "dns.resp.len": "4",
-              "dns.a": "184.51.200.166"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "4319",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.92"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3092",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508464371.807701000",
-          "frame.time_delta": "0.379478000",
-          "frame.time_delta_displayed": "900.008265000",
-          "frame.time_relative": "6659.402497000",
-          "frame.number": "7913",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x00009e02",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00001abb",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "47598",
-          "udp.dstport": "53",
-          "udp.port": "47598",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x00009f32",
-          "udp.checksum.status": "2",
-          "udp.stream": "123"
-        },
-        "dns": {
-          "dns.response_in": "7914",
-          "dns.id": "0x00000497",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508464371.814443000",
-          "frame.time_delta": "0.006742000",
-          "frame.time_delta_displayed": "0.006742000",
-          "frame.time_relative": "6659.409239000",
-          "frame.number": "7914",
-          "frame.len": "467",
-          "frame.cap_len": "467",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "453",
-          "ip.id": "0x0000e205",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000d530",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "47598",
-          "udp.port": "53",
-          "udp.port": "47598",
-          "udp.length": "433",
-          "udp.checksum": "0x000083b4",
-          "udp.checksum.status": "2",
-          "udp.stream": "123"
-        },
-        "dns": {
-          "dns.response_to": "7913",
-          "dns.time": "0.006742000",
-          "dns.id": "0x00000497",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "8",
-          "dns.count.add_rr": "8",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "142",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "8611",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.113"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "275",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3797",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "338",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.240"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3114",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.89"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3177",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.229"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "5586",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.230"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "141",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.244"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3720",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.234"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3824",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.92"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508465271.823654000",
-          "frame.time_delta": "3.748666000",
-          "frame.time_delta_displayed": "900.009211000",
-          "frame.time_relative": "7559.418450000",
-          "frame.number": "8671",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x0000e910",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000cfac",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "33804",
-          "udp.dstport": "53",
-          "udp.port": "33804",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x0000d513",
-          "udp.checksum.status": "2",
-          "udp.stream": "132"
-        },
-        "dns": {
-          "dns.response_in": "8672",
-          "dns.id": "0x00000498",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508465271.884431000",
-          "frame.time_delta": "0.060777000",
-          "frame.time_delta_displayed": "0.060777000",
-          "frame.time_relative": "7559.479227000",
-          "frame.number": "8672",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x00004cdb",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00006a2d",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "33804",
-          "udp.port": "53",
-          "udp.port": "33804",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "132"
-        },
-        "dns": {
-          "dns.response_to": "8671",
-          "dns.time": "0.060777000",
-          "dns.id": "0x00000498",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "116",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "6113",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.73"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.2"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2288",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "596",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3316",
-              "dns.resp.len": "4",
-              "dns.a": "184.51.200.159"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3818",
-              "dns.resp.len": "4",
-              "dns.a": "96.17.70.188"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1",
-              "dns.resp.len": "4",
-              "dns.a": "96.17.70.190"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "909",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.134.244"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "4658",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.89"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "456",
-              "dns.resp.len": "4",
-              "dns.a": "184.51.200.166"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2519",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.92"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1292",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508466171.895282000",
-          "frame.time_delta": "7.109343000",
-          "frame.time_delta_displayed": "900.010851000",
-          "frame.time_relative": "8459.490078000",
-          "frame.number": "9475",
-          "frame.len": "76",
-          "frame.cap_len": "76",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "62",
-          "ip.id": "0x0000ffbc",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000b900",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "33283",
-          "udp.dstport": "53",
-          "udp.port": "33283",
-          "udp.port": "53",
-          "udp.length": "42",
-          "udp.checksum": "0x0000d71b",
-          "udp.checksum.status": "2",
-          "udp.stream": "144"
-        },
-        "dns": {
-          "dns.response_in": "9476",
-          "dns.id": "0x00000499",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508466171.906565000",
-          "frame.time_delta": "0.011283000",
-          "frame.time_delta_displayed": "0.011283000",
-          "frame.time_relative": "8459.501361000",
-          "frame.number": "9476",
-          "frame.len": "513",
-          "frame.cap_len": "513",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "499",
-          "ip.id": "0x0000a915",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x00000df3",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "33283",
-          "udp.port": "53",
-          "udp.port": "33283",
-          "udp.length": "479",
-          "udp.checksum": "0x000083e2",
-          "udp.checksum.status": "2",
-          "udp.stream": "144"
-        },
-        "dns": {
-          "dns.response_to": "9475",
-          "dns.time": "0.011283000",
-          "dns.id": "0x00000499",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "4",
-          "dns.count.auth_rr": "9",
-          "dns.count.add_rr": "9",
-          "Queries": {
-            "www2.meethue.com: type A, class IN": {
-              "dns.qry.name": "www2.meethue.com",
-              "dns.qry.name.len": "16",
-              "dns.count.labels": "3",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Answers": {
-            "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
-              "dns.resp.name": "www2.meethue.com",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "142",
-              "dns.resp.len": "41",
-              "dns.cname": "brands.lighting.philips.com.edgekey.net"
-            },
-            "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
-              "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
-              "dns.resp.type": "5",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "6811",
-              "dns.resp.len": "22",
-              "dns.cname": "e15361.b.akamaiedge.net"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.112"
-            },
-            "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
-              "dns.resp.name": "e15361.b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "20",
-              "dns.resp.len": "4",
-              "dns.a": "173.223.52.125"
-            }
-          },
-          "Authoritative nameservers": {
-            "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n5b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "a0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n4b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n2b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n0b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n3b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n7b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n6b.akamaiedge.net"
-            },
-            "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
-              "dns.resp.name": "b.akamaiedge.net",
-              "dns.resp.type": "2",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2475",
-              "dns.resp.len": "6",
-              "dns.ns": "n1b.akamaiedge.net"
-            }
-          },
-          "Additional records": {
-            "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
-              "dns.resp.name": "n0b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1997",
-              "dns.resp.len": "4",
-              "dns.a": "88.221.81.192"
-            },
-            "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
-              "dns.resp.name": "n1b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "6539",
-              "dns.resp.len": "4",
-              "dns.a": "204.1.137.41"
-            },
-            "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
-              "dns.resp.name": "n2b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1314",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.89"
-            },
-            "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
-              "dns.resp.name": "n3b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1377",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.229"
-            },
-            "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
-              "dns.resp.name": "n4b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "3786",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.230"
-            },
-            "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
-              "dns.resp.name": "n5b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "6342",
-              "dns.resp.len": "4",
-              "dns.a": "204.1.137.37"
-            },
-            "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
-              "dns.resp.name": "n6b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1920",
-              "dns.resp.len": "4",
-              "dns.a": "173.197.192.234"
-            },
-            "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
-              "dns.resp.name": "n7b.akamaiedge.net",
-              "dns.resp.type": "1",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "2024",
-              "dns.resp.len": "4",
-              "dns.a": "165.254.16.92"
-            },
-            "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
-              "dns.resp.name": "a0b.akamaiedge.net",
-              "dns.resp.type": "28",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "4475",
-              "dns.resp.len": "16",
-              "dns.aaaa": "2600:1480:e800::c0"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508466802.239450000",
-          "frame.time_delta": "4.788057000",
-          "frame.time_delta_displayed": "630.332885000",
-          "frame.time_relative": "9089.834246000",
-          "frame.number": "10050",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x0000751c",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000439e",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "51418",
-          "udp.dstport": "53",
-          "udp.port": "51418",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x0000f7c8",
-          "udp.checksum.status": "2",
-          "udp.stream": "151"
-        },
-        "dns": {
-          "dns.response_in": "10051",
-          "dns.id": "0x0000049a",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508466802.241425000",
-          "frame.time_delta": "0.001975000",
-          "frame.time_delta_displayed": "0.001975000",
-          "frame.time_relative": "9089.836221000",
-          "frame.number": "10051",
-          "frame.len": "137",
-          "frame.cap_len": "137",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-            "eth.src_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "123",
-          "ip.id": "0x000030bf",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x000087c1",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.src_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "ip.dst": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.dst_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "53",
-          "udp.dstport": "51418",
-          "udp.port": "53",
-          "udp.port": "51418",
-          "udp.length": "103",
-          "udp.checksum": "0x0000826a",
-          "udp.checksum.status": "2",
-          "udp.stream": "151"
-        },
-        "dns": {
-          "dns.response_to": "10050",
-          "dns.time": "0.001975000",
-          "dns.id": "0x0000049a",
-          "dns.flags": "0x00008180",
-          "dns.flags_tree": {
-            "dns.flags.response": "1",
-            "dns.flags.opcode": "0",
-            "dns.flags.authoritative": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.recavail": "1",
-            "dns.flags.z": "0",
-            "dns.flags.authenticated": "0",
-            "dns.flags.checkdisable": "0",
-            "dns.flags.rcode": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "1",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type AAAA, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "28",
-              "dns.qry.class": "0x00000001"
-            }
-          },
-          "Authoritative nameservers": {
-            "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
-              "dns.resp.name": "cpp.philips.com",
-              "dns.resp.type": "6",
-              "dns.resp.class": "0x00000001",
-              "dns.resp.ttl": "1786",
-              "dns.resp.len": "46",
-              "dns.soa.mname": "ns1.ext.philips.com",
-              "dns.soa.rname": "ddi-authority.philips.com",
-              "dns.soa.serial_number": "387",
-              "dns.soa.refresh_interval": "1200",
-              "dns.soa.retry_interval": "300",
-              "dns.soa.expire_limit": "1209600",
-              "dns.soa.mininum_ttl": "3600"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508466802.242432000",
-          "frame.time_delta": "0.001007000",
-          "frame.time_delta_displayed": "0.001007000",
-          "frame.time_relative": "9089.837228000",
-          "frame.number": "10052",
-          "frame.len": "79",
-          "frame.cap_len": "79",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "b0:b9:8a:73:69:8e",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "Netgear_73:69:8e",
-            "eth.addr": "b0:b9:8a:73:69:8e",
-            "eth.addr_resolved": "Netgear_73:69:8e",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "00:17:88:69:ee:e4",
-          "eth.src_tree": {
-            "eth.src_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.type": "0x00000800"
-        },
-        "ip": {
-          "ip.version": "4",
-          "ip.hdr_len": "20",
-          "ip.dsfield": "0x00000000",
-          "ip.dsfield_tree": {
-            "ip.dsfield.dscp": "0",
-            "ip.dsfield.ecn": "0"
-          },
-          "ip.len": "65",
-          "ip.id": "0x0000751d",
-          "ip.flags": "0x00000002",
-          "ip.flags_tree": {
-            "ip.flags.rb": "0",
-            "ip.flags.df": "1",
-            "ip.flags.mf": "0"
-          },
-          "ip.frag_offset": "0",
-          "ip.ttl": "64",
-          "ip.proto": "17",
-          "ip.checksum": "0x0000439d",
-          "ip.checksum.status": "2",
-          "ip.src": "192.168.0.160",
-          "ip.addr": "192.168.0.160",
-          "ip.src_host": "192.168.0.160",
-          "ip.host": "192.168.0.160",
-          "ip.dst": "192.168.0.1",
-          "ip.addr": "192.168.0.1",
-          "ip.dst_host": "192.168.0.1",
-          "ip.host": "192.168.0.1",
-          "Source GeoIP: Unknown": "",
-          "Destination GeoIP: Unknown": ""
-        },
-        "udp": {
-          "udp.srcport": "60729",
-          "udp.dstport": "53",
-          "udp.port": "60729",
-          "udp.port": "53",
-          "udp.length": "45",
-          "udp.checksum": "0x0000ee68",
-          "udp.checksum.status": "2",
-          "udp.stream": "152"
-        },
-        "dns": {
-          "dns.response_in": "10053",
-          "dns.id": "0x0000049b",
-          "dns.flags": "0x00000100",
-          "dns.flags_tree": {
-            "dns.flags.response": "0",
-            "dns.flags.opcode": "0",
-            "dns.flags.truncated": "0",
-            "dns.flags.recdesired": "1",
-            "dns.flags.z": "0",
-            "dns.flags.checkdisable": "0"
-          },
-          "dns.count.queries": "1",
-          "dns.count.answers": "0",
-          "dns.count.auth_rr": "0",
-          "dns.count.add_rr": "0",
-          "Queries": {
-            "dcp.cpp.philips.com: type A, class IN": {
-              "dns.qry.name": "dcp.cpp.philips.com",
-              "dns.qry.name.len": "19",
-              "dns.count.labels": "4",
-              "dns.qry.type": "1",
-              "dns.qry.class": "0x00000001"
-            }
-          }
-        }
-      }
-    }
-  }
-  ,
-  {
-    "_index": "packets-2017-10-26",
-    "_type": "pcap_file",
-    "_score": null,
-    "_source": {
-      "layers": {
-        "frame": {
-          "frame.encap_type": "1",
-          "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT",
-          "frame.offset_shift": "0.000000000",
-          "frame.time_epoch": "1508466802.244090000",
-          "frame.time_delta": "0.001658000",
-          "frame.time_delta_displayed": "0.001658000",
-          "frame.time_relative": "9089.838886000",
-          "frame.number": "10053",
-          "frame.len": "285",
-          "frame.cap_len": "285",
-          "frame.marked": "0",
-          "frame.ignored": "0",
-          "frame.protocols": "eth:ethertype:ip:udp:dns",
-          "frame.coloring_rule.name": "UDP",
-          "frame.coloring_rule.string": "udp"
-        },
-        "eth": {
-          "eth.dst": "00:17:88:69:ee:e4",
-          "eth.dst_tree": {
-            "eth.dst_resolved": "PhilipsL_69:ee:e4",
-            "eth.addr": "00:17:88:69:ee:e4",
-            "eth.addr_resolved": "PhilipsL_69:ee:e4",
-            "eth.lg": "0",
-            "eth.ig": "0"
-          },
-          "eth.src": "b0:b9:8a:73:69:8e",
-          "eth.src_tree": {
-