--- /dev/null
+[
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458071.560156000",
+ "frame.time_delta": "1.053360000",
+ "frame.time_delta_displayed": "0.000000000",
+ "frame.time_relative": "359.154952000",
+ "frame.number": "380",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c5d4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f2e8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35041",
+ "udp.dstport": "53",
+ "udp.port": "35041",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d04f",
+ "udp.checksum.status": "2",
+ "udp.stream": "19"
+ },
+ "dns": {
+ "dns.response_in": "381",
+ "dns.id": "0x00000487",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458071.597999000",
+ "frame.time_delta": "0.037843000",
+ "frame.time_delta_displayed": "0.037843000",
+ "frame.time_relative": "359.192795000",
+ "frame.number": "381",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00001e6a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000989e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35041",
+ "udp.port": "53",
+ "udp.port": "35041",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "19"
+ },
+ "dns": {
+ "dns.response_to": "380",
+ "dns.time": "0.037843000",
+ "dns.id": "0x00000487",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13313",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3795",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2515",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3016",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3200",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2106",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3857",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3654",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3718",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2491",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458971.607393000",
+ "frame.time_delta": "4.029605000",
+ "frame.time_delta_displayed": "900.009394000",
+ "frame.time_relative": "1259.202189000",
+ "frame.number": "1239",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00000103",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b7ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57902",
+ "udp.dstport": "53",
+ "udp.port": "57902",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007701",
+ "udp.checksum.status": "2",
+ "udp.stream": "36"
+ },
+ "dns": {
+ "dns.response_in": "1240",
+ "dns.id": "0x00000488",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458971.678853000",
+ "frame.time_delta": "0.071460000",
+ "frame.time_delta_displayed": "0.071460000",
+ "frame.time_relative": "1259.273649000",
+ "frame.number": "1240",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00004f7c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57902",
+ "udp.port": "53",
+ "udp.port": "57902",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "36"
+ },
+ "dns": {
+ "dns.response_to": "1239",
+ "dns.time": "0.071460000",
+ "dns.id": "0x00000488",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12413",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2895",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1615",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2116",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2300",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1206",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2957",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2754",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2818",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.045476000",
+ "frame.time_delta": "1.106645000",
+ "frame.time_delta_displayed": "631.366623000",
+ "frame.time_relative": "1890.640272000",
+ "frame.number": "1873",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f1b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44067",
+ "udp.dstport": "53",
+ "udp.port": "44067",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001491",
+ "udp.checksum.status": "2",
+ "udp.stream": "51"
+ },
+ "dns": {
+ "dns.response_in": "1874",
+ "dns.id": "0x00000489",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.047090000",
+ "frame.time_delta": "0.001614000",
+ "frame.time_delta_displayed": "0.001614000",
+ "frame.time_relative": "1890.641886000",
+ "frame.number": "1874",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00002b52",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d2e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44067",
+ "udp.port": "53",
+ "udp.port": "44067",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "51"
+ },
+ "dns": {
+ "dns.response_to": "1873",
+ "dns.time": "0.001614000",
+ "dns.id": "0x00000489",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "643",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.048272000",
+ "frame.time_delta": "0.001182000",
+ "frame.time_delta_displayed": "0.001182000",
+ "frame.time_relative": "1890.643068000",
+ "frame.number": "1875",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f1c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51510",
+ "udp.dstport": "53",
+ "udp.port": "51510",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000127d",
+ "udp.checksum.status": "2",
+ "udp.stream": "52"
+ },
+ "dns": {
+ "dns.response_in": "1876",
+ "dns.id": "0x0000048a",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.049516000",
+ "frame.time_delta": "0.001244000",
+ "frame.time_delta_displayed": "0.001244000",
+ "frame.time_relative": "1890.644312000",
+ "frame.number": "1876",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00002b53",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008c99",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51510",
+ "udp.port": "53",
+ "udp.port": "51510",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "52"
+ },
+ "dns": {
+ "dns.response_to": "1875",
+ "dns.time": "0.001244000",
+ "dns.id": "0x0000048a",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "155007",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3438",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3438",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "158626",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151199",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151199",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.470381000",
+ "frame.time_delta": "0.000880000",
+ "frame.time_delta_displayed": "0.420865000",
+ "frame.time_relative": "1891.065177000",
+ "frame.number": "1892",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f22",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009998",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44843",
+ "udp.dstport": "53",
+ "udp.port": "44843",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001187",
+ "udp.checksum.status": "2",
+ "udp.stream": "53"
+ },
+ "dns": {
+ "dns.response_in": "1893",
+ "dns.id": "0x0000048b",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.470880000",
+ "frame.time_delta": "0.000499000",
+ "frame.time_delta_displayed": "0.000499000",
+ "frame.time_relative": "1891.065676000",
+ "frame.number": "1893",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00002b76",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d44",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44843",
+ "udp.port": "53",
+ "udp.port": "44843",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "53"
+ },
+ "dns": {
+ "dns.response_to": "1892",
+ "dns.time": "0.000499000",
+ "dns.id": "0x0000048b",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.471684000",
+ "frame.time_delta": "0.000804000",
+ "frame.time_delta_displayed": "0.000804000",
+ "frame.time_relative": "1891.066480000",
+ "frame.number": "1894",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f23",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009997",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "40021",
+ "udp.dstport": "53",
+ "udp.port": "40021",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003f5c",
+ "udp.checksum.status": "2",
+ "udp.stream": "54"
+ },
+ "dns": {
+ "dns.response_in": "1895",
+ "dns.id": "0x0000048c",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.472192000",
+ "frame.time_delta": "0.000508000",
+ "frame.time_delta_displayed": "0.000508000",
+ "frame.time_relative": "1891.066988000",
+ "frame.number": "1895",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00002b77",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d33",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "40021",
+ "udp.port": "53",
+ "udp.port": "40021",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "54"
+ },
+ "dns": {
+ "dns.response_to": "1894",
+ "dns.time": "0.000508000",
+ "dns.id": "0x0000048c",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459871.689099000",
+ "frame.time_delta": "0.145237000",
+ "frame.time_delta_displayed": "268.216907000",
+ "frame.time_relative": "2159.283895000",
+ "frame.number": "2153",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000053f4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000064c9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49510",
+ "udp.dstport": "53",
+ "udp.port": "49510",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000097c4",
+ "udp.checksum.status": "2",
+ "udp.stream": "60"
+ },
+ "dns": {
+ "dns.response_in": "2154",
+ "dns.id": "0x0000048d",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459871.695550000",
+ "frame.time_delta": "0.006451000",
+ "frame.time_delta_displayed": "0.006451000",
+ "frame.time_relative": "2159.290346000",
+ "frame.number": "2154",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000851c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000031ec",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49510",
+ "udp.port": "53",
+ "udp.port": "49510",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "60"
+ },
+ "dns": {
+ "dns.response_to": "2153",
+ "dns.time": "0.006451000",
+ "dns.id": "0x0000048d",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13111",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "294",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4838",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7614",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3676",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.90"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4084",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4641",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "218",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.246"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2322",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.232"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4774",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508460771.705423000",
+ "frame.time_delta": "3.937809000",
+ "frame.time_delta_displayed": "900.009873000",
+ "frame.time_relative": "3059.300219000",
+ "frame.number": "2958",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000b28e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000062f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59344",
+ "udp.dstport": "53",
+ "udp.port": "59344",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007159",
+ "udp.checksum.status": "2",
+ "udp.stream": "72"
+ },
+ "dns": {
+ "dns.response_in": "2959",
+ "dns.id": "0x0000048e",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508460771.715857000",
+ "frame.time_delta": "0.010434000",
+ "frame.time_delta_displayed": "0.010434000",
+ "frame.time_relative": "3059.310653000",
+ "frame.number": "2959",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ca5c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ecab",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59344",
+ "udp.port": "53",
+ "udp.port": "59344",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "72"
+ },
+ "dns": {
+ "dns.response_to": "2958",
+ "dns.time": "0.010434000",
+ "dns.id": "0x0000048e",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "10613",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1095",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7816",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "316",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "500",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5409",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1157",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "954",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1018",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5792",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461671.725149000",
+ "frame.time_delta": "2.951813000",
+ "frame.time_delta_displayed": "900.009292000",
+ "frame.time_relative": "3959.319945000",
+ "frame.number": "3816",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ba5a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe62",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34709",
+ "udp.dstport": "53",
+ "udp.port": "34709",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d193",
+ "udp.checksum.status": "2",
+ "udp.stream": "84"
+ },
+ "dns": {
+ "dns.response_in": "3817",
+ "dns.id": "0x0000048f",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:07:51.735281000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461671.735281000",
+ "frame.time_delta": "0.010132000",
+ "frame.time_delta_displayed": "0.010132000",
+ "frame.time_relative": "3959.330077000",
+ "frame.number": "3817",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004a90",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006c78",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34709",
+ "udp.port": "53",
+ "udp.port": "34709",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "84"
+ },
+ "dns": {
+ "dns.response_to": "3816",
+ "dns.time": "0.010132000",
+ "dns.id": "0x0000048f",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "11311",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2496",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3038",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5814",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1876",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.90"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2284",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2841",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2419",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.93"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "522",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.232"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2974",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461976.852097000",
+ "frame.time_delta": "3.045152000",
+ "frame.time_delta_displayed": "305.116816000",
+ "frame.time_relative": "4264.446893000",
+ "frame.number": "5571",
+ "frame.len": "83",
+ "frame.cap_len": "83",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "69",
+ "ip.id": "0x0000f879",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c03c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46881",
+ "udp.dstport": "53",
+ "udp.port": "46881",
+ "udp.port": "53",
+ "udp.length": "49",
+ "udp.checksum": "0x0000d1bd",
+ "udp.checksum.status": "2",
+ "udp.stream": "89"
+ },
+ "dns": {
+ "dns.response_in": "5572",
+ "dns.id": "0x00000490",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461976.936468000",
+ "frame.time_delta": "0.084371000",
+ "frame.time_delta_displayed": "0.084371000",
+ "frame.time_relative": "4264.531264000",
+ "frame.number": "5572",
+ "frame.len": "297",
+ "frame.cap_len": "297",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "283",
+ "ip.id": "0x00008c6e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002b72",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46881",
+ "udp.port": "53",
+ "udp.port": "46881",
+ "udp.length": "263",
+ "udp.checksum": "0x0000830a",
+ "udp.checksum.status": "2",
+ "udp.stream": "89"
+ },
+ "dns": {
+ "dns.response_to": "5571",
+ "dns.time": "0.084371000",
+ "dns.id": "0x00000490",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
+ "dns.resp.name": "diagnostics.meethue.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "4",
+ "dns.a": "130.211.67.12"
+ }
+ },
+ "Authoritative nameservers": {
+ "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "18",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2611",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "62777",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "62777",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508462571.746902000",
+ "frame.time_delta": "2.037142000",
+ "frame.time_delta_displayed": "594.810434000",
+ "frame.time_relative": "4859.341698000",
+ "frame.number": "6175",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000f884",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c038",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54444",
+ "udp.dstport": "53",
+ "udp.port": "54444",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000847a",
+ "udp.checksum.status": "2",
+ "udp.stream": "97"
+ },
+ "dns": {
+ "dns.response_in": "6176",
+ "dns.id": "0x00000491",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508462571.772932000",
+ "frame.time_delta": "0.026030000",
+ "frame.time_delta_displayed": "0.026030000",
+ "frame.time_relative": "4859.367728000",
+ "frame.number": "6176",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004cfa",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006a0e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54444",
+ "udp.port": "53",
+ "udp.port": "54444",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "97"
+ },
+ "dns": {
+ "dns.response_to": "6175",
+ "dns.time": "0.026030000",
+ "dns.id": "0x00000491",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8813",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3296",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6016",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6518",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2701",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3609",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7358",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3156",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5219",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3992",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.624384000",
+ "frame.time_delta": "0.266457000",
+ "frame.time_delta_displayed": "629.851452000",
+ "frame.time_relative": "5489.219180000",
+ "frame.number": "6744",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf31",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f988",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37292",
+ "udp.dstport": "53",
+ "udp.port": "37292",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002eff",
+ "udp.checksum.status": "2",
+ "udp.stream": "102"
+ },
+ "dns": {
+ "dns.response_in": "6745",
+ "dns.id": "0x00000492",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.626468000",
+ "frame.time_delta": "0.002084000",
+ "frame.time_delta_displayed": "0.002084000",
+ "frame.time_relative": "5489.221264000",
+ "frame.number": "6745",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00003f71",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000790f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37292",
+ "udp.port": "53",
+ "udp.port": "37292",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "102"
+ },
+ "dns": {
+ "dns.response_to": "6744",
+ "dns.time": "0.002084000",
+ "dns.id": "0x00000492",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.627301000",
+ "frame.time_delta": "0.000833000",
+ "frame.time_delta_displayed": "0.000833000",
+ "frame.time_relative": "5489.222097000",
+ "frame.number": "6746",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf32",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f987",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54874",
+ "udp.dstport": "53",
+ "udp.port": "54874",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000550",
+ "udp.checksum.status": "2",
+ "udp.stream": "103"
+ },
+ "dns": {
+ "dns.response_in": "6747",
+ "dns.id": "0x00000493",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.628812000",
+ "frame.time_delta": "0.001511000",
+ "frame.time_delta_displayed": "0.001511000",
+ "frame.time_relative": "5489.223608000",
+ "frame.number": "6747",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00003f72",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000787a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54874",
+ "udp.port": "53",
+ "udp.port": "54874",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "103"
+ },
+ "dns": {
+ "dns.response_to": "6746",
+ "dns.time": "0.001511000",
+ "dns.id": "0x00000493",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2985",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1386",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "61552",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "61552",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.044352000",
+ "frame.time_delta": "0.001668000",
+ "frame.time_delta_displayed": "0.415540000",
+ "frame.time_relative": "5489.639148000",
+ "frame.number": "6763",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf41",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f978",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55176",
+ "udp.dstport": "53",
+ "udp.port": "55176",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000e920",
+ "udp.checksum.status": "2",
+ "udp.stream": "104"
+ },
+ "dns": {
+ "dns.response_in": "6764",
+ "dns.id": "0x00000494",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.044953000",
+ "frame.time_delta": "0.000601000",
+ "frame.time_delta_displayed": "0.000601000",
+ "frame.time_relative": "5489.639749000",
+ "frame.number": "6764",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00003f96",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007924",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55176",
+ "udp.port": "53",
+ "udp.port": "55176",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "104"
+ },
+ "dns": {
+ "dns.response_to": "6763",
+ "dns.time": "0.000601000",
+ "dns.id": "0x00000494",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.045769000",
+ "frame.time_delta": "0.000816000",
+ "frame.time_delta_displayed": "0.000816000",
+ "frame.time_relative": "5489.640565000",
+ "frame.number": "6765",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf42",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f977",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60660",
+ "udp.dstport": "53",
+ "udp.port": "60660",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000eeb3",
+ "udp.checksum.status": "2",
+ "udp.stream": "105"
+ },
+ "dns": {
+ "dns.response_in": "6766",
+ "dns.id": "0x00000495",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.046379000",
+ "frame.time_delta": "0.000610000",
+ "frame.time_delta_displayed": "0.000610000",
+ "frame.time_relative": "5489.641175000",
+ "frame.number": "6766",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00003f97",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007913",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60660",
+ "udp.port": "53",
+ "udp.port": "60660",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "105"
+ },
+ "dns": {
+ "dns.response_to": "6765",
+ "dns.time": "0.000610000",
+ "dns.id": "0x00000495",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2984",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463471.778249000",
+ "frame.time_delta": "3.324074000",
+ "frame.time_delta_displayed": "269.731870000",
+ "frame.time_relative": "5759.373045000",
+ "frame.number": "7048",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001dd7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009ae6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36809",
+ "udp.dstport": "53",
+ "udp.port": "36809",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c958",
+ "udp.checksum.status": "2",
+ "udp.stream": "113"
+ },
+ "dns": {
+ "dns.response_in": "7049",
+ "dns.id": "0x00000496",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463471.799436000",
+ "frame.time_delta": "0.021187000",
+ "frame.time_delta_displayed": "0.021187000",
+ "frame.time_relative": "5759.394232000",
+ "frame.number": "7049",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000431d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000073eb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36809",
+ "udp.port": "53",
+ "udp.port": "36809",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "113"
+ },
+ "dns": {
+ "dns.response_to": "7048",
+ "dns.time": "0.021187000",
+ "dns.id": "0x00000496",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7913",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2396",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5116",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5618",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1801",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2709",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6458",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2256",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4319",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3092",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508464371.807701000",
+ "frame.time_delta": "0.379478000",
+ "frame.time_delta_displayed": "900.008265000",
+ "frame.time_relative": "6659.402497000",
+ "frame.number": "7913",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00009e02",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001abb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47598",
+ "udp.dstport": "53",
+ "udp.port": "47598",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009f32",
+ "udp.checksum.status": "2",
+ "udp.stream": "123"
+ },
+ "dns": {
+ "dns.response_in": "7914",
+ "dns.id": "0x00000497",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508464371.814443000",
+ "frame.time_delta": "0.006742000",
+ "frame.time_delta_displayed": "0.006742000",
+ "frame.time_relative": "6659.409239000",
+ "frame.number": "7914",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x0000e205",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d530",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47598",
+ "udp.port": "53",
+ "udp.port": "47598",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "123"
+ },
+ "dns": {
+ "dns.response_to": "7913",
+ "dns.time": "0.006742000",
+ "dns.id": "0x00000497",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8611",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3797",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "338",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3114",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3177",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5586",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3720",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.234"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3824",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508465271.823654000",
+ "frame.time_delta": "3.748666000",
+ "frame.time_delta_displayed": "900.009211000",
+ "frame.time_relative": "7559.418450000",
+ "frame.number": "8671",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000e910",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000cfac",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33804",
+ "udp.dstport": "53",
+ "udp.port": "33804",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d513",
+ "udp.checksum.status": "2",
+ "udp.stream": "132"
+ },
+ "dns": {
+ "dns.response_in": "8672",
+ "dns.id": "0x00000498",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508465271.884431000",
+ "frame.time_delta": "0.060777000",
+ "frame.time_delta_displayed": "0.060777000",
+ "frame.time_relative": "7559.479227000",
+ "frame.number": "8672",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004cdb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006a2d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33804",
+ "udp.port": "53",
+ "udp.port": "33804",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "132"
+ },
+ "dns": {
+ "dns.response_to": "8671",
+ "dns.time": "0.060777000",
+ "dns.id": "0x00000498",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6113",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "596",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3316",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3818",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "909",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4658",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "456",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2519",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1292",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466171.895282000",
+ "frame.time_delta": "7.109343000",
+ "frame.time_delta_displayed": "900.010851000",
+ "frame.time_relative": "8459.490078000",
+ "frame.number": "9475",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ffbc",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b900",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33283",
+ "udp.dstport": "53",
+ "udp.port": "33283",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d71b",
+ "udp.checksum.status": "2",
+ "udp.stream": "144"
+ },
+ "dns": {
+ "dns.response_in": "9476",
+ "dns.id": "0x00000499",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466171.906565000",
+ "frame.time_delta": "0.011283000",
+ "frame.time_delta_displayed": "0.011283000",
+ "frame.time_relative": "8459.501361000",
+ "frame.number": "9476",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000a915",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000df3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33283",
+ "udp.port": "53",
+ "udp.port": "33283",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "144"
+ },
+ "dns": {
+ "dns.response_to": "9475",
+ "dns.time": "0.011283000",
+ "dns.id": "0x00000499",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6811",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1997",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6539",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1314",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1377",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3786",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6342",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1920",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.234"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2024",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4475",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.239450000",
+ "frame.time_delta": "4.788057000",
+ "frame.time_delta_displayed": "630.332885000",
+ "frame.time_relative": "9089.834246000",
+ "frame.number": "10050",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000751c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000439e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51418",
+ "udp.dstport": "53",
+ "udp.port": "51418",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f7c8",
+ "udp.checksum.status": "2",
+ "udp.stream": "151"
+ },
+ "dns": {
+ "dns.response_in": "10051",
+ "dns.id": "0x0000049a",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.241425000",
+ "frame.time_delta": "0.001975000",
+ "frame.time_delta_displayed": "0.001975000",
+ "frame.time_relative": "9089.836221000",
+ "frame.number": "10051",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x000030bf",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087c1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51418",
+ "udp.port": "53",
+ "udp.port": "51418",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "151"
+ },
+ "dns": {
+ "dns.response_to": "10050",
+ "dns.time": "0.001975000",
+ "dns.id": "0x0000049a",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.242432000",
+ "frame.time_delta": "0.001007000",
+ "frame.time_delta_displayed": "0.001007000",
+ "frame.time_relative": "9089.837228000",
+ "frame.number": "10052",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000751d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000439d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60729",
+ "udp.dstport": "53",
+ "udp.port": "60729",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ee68",
+ "udp.checksum.status": "2",
+ "udp.stream": "152"
+ },
+ "dns": {
+ "dns.response_in": "10053",
+ "dns.id": "0x0000049b",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.244090000",
+ "frame.time_delta": "0.001658000",
+ "frame.time_delta_displayed": "0.001658000",
+ "frame.time_relative": "9089.838886000",
+ "frame.number": "10053",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x000030c0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000872c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60729",
+ "udp.port": "53",
+ "udp.port": "60729",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "152"
+ },
+ "dns": {
+ "dns.response_to": "10052",
+ "dns.time": "0.001658000",
+ "dns.id": "0x0000049b",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "147808",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172526",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172526",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151427",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144000",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144000",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.660387000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.660387000",
+ "frame.time_delta": "0.001051000",
+ "frame.time_delta_displayed": "0.416297000",
+ "frame.time_relative": "9090.255183000",
+ "frame.number": "10069",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007547",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004373",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46220",
+ "udp.dstport": "53",
+ "udp.port": "46220",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000c15",
+ "udp.checksum.status": "2",
+ "udp.stream": "153"
+ },
+ "dns": {
+ "dns.response_in": "10070",
+ "dns.id": "0x0000049c",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.660954000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.660954000",
+ "frame.time_delta": "0.000567000",
+ "frame.time_delta_displayed": "0.000567000",
+ "frame.time_relative": "9090.255750000",
+ "frame.number": "10070",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000030d6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087e4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46220",
+ "udp.port": "53",
+ "udp.port": "46220",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "153"
+ },
+ "dns": {
+ "dns.response_to": "10069",
+ "dns.time": "0.000567000",
+ "dns.id": "0x0000049c",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.661749000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.661749000",
+ "frame.time_delta": "0.000795000",
+ "frame.time_delta_displayed": "0.000795000",
+ "frame.time_relative": "9090.256545000",
+ "frame.number": "10071",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",