--- /dev/null
+[
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458071.560156000",
+ "frame.time_delta": "1.053360000",
+ "frame.time_delta_displayed": "0.000000000",
+ "frame.time_relative": "359.154952000",
+ "frame.number": "380",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c5d4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f2e8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35041",
+ "udp.dstport": "53",
+ "udp.port": "35041",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d04f",
+ "udp.checksum.status": "2",
+ "udp.stream": "19"
+ },
+ "dns": {
+ "dns.response_in": "381",
+ "dns.id": "0x00000487",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458071.597999000",
+ "frame.time_delta": "0.037843000",
+ "frame.time_delta_displayed": "0.037843000",
+ "frame.time_relative": "359.192795000",
+ "frame.number": "381",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00001e6a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000989e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35041",
+ "udp.port": "53",
+ "udp.port": "35041",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "19"
+ },
+ "dns": {
+ "dns.response_to": "380",
+ "dns.time": "0.037843000",
+ "dns.id": "0x00000487",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13313",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3795",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2515",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3016",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3200",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2106",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3857",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3654",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3718",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2491",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458971.607393000",
+ "frame.time_delta": "4.029605000",
+ "frame.time_delta_displayed": "900.009394000",
+ "frame.time_relative": "1259.202189000",
+ "frame.number": "1239",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00000103",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b7ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57902",
+ "udp.dstport": "53",
+ "udp.port": "57902",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007701",
+ "udp.checksum.status": "2",
+ "udp.stream": "36"
+ },
+ "dns": {
+ "dns.response_in": "1240",
+ "dns.id": "0x00000488",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458971.678853000",
+ "frame.time_delta": "0.071460000",
+ "frame.time_delta_displayed": "0.071460000",
+ "frame.time_relative": "1259.273649000",
+ "frame.number": "1240",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00004f7c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57902",
+ "udp.port": "53",
+ "udp.port": "57902",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "36"
+ },
+ "dns": {
+ "dns.response_to": "1239",
+ "dns.time": "0.071460000",
+ "dns.id": "0x00000488",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12413",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2895",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1615",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2116",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2300",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1206",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2957",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2754",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2818",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.045476000",
+ "frame.time_delta": "1.106645000",
+ "frame.time_delta_displayed": "631.366623000",
+ "frame.time_relative": "1890.640272000",
+ "frame.number": "1873",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f1b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44067",
+ "udp.dstport": "53",
+ "udp.port": "44067",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001491",
+ "udp.checksum.status": "2",
+ "udp.stream": "51"
+ },
+ "dns": {
+ "dns.response_in": "1874",
+ "dns.id": "0x00000489",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.047090000",
+ "frame.time_delta": "0.001614000",
+ "frame.time_delta_displayed": "0.001614000",
+ "frame.time_relative": "1890.641886000",
+ "frame.number": "1874",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00002b52",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d2e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44067",
+ "udp.port": "53",
+ "udp.port": "44067",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "51"
+ },
+ "dns": {
+ "dns.response_to": "1873",
+ "dns.time": "0.001614000",
+ "dns.id": "0x00000489",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "643",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.048272000",
+ "frame.time_delta": "0.001182000",
+ "frame.time_delta_displayed": "0.001182000",
+ "frame.time_relative": "1890.643068000",
+ "frame.number": "1875",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f1c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51510",
+ "udp.dstport": "53",
+ "udp.port": "51510",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000127d",
+ "udp.checksum.status": "2",
+ "udp.stream": "52"
+ },
+ "dns": {
+ "dns.response_in": "1876",
+ "dns.id": "0x0000048a",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.049516000",
+ "frame.time_delta": "0.001244000",
+ "frame.time_delta_displayed": "0.001244000",
+ "frame.time_relative": "1890.644312000",
+ "frame.number": "1876",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00002b53",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008c99",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51510",
+ "udp.port": "53",
+ "udp.port": "51510",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "52"
+ },
+ "dns": {
+ "dns.response_to": "1875",
+ "dns.time": "0.001244000",
+ "dns.id": "0x0000048a",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "155007",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3438",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3438",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "158626",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151199",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151199",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.470381000",
+ "frame.time_delta": "0.000880000",
+ "frame.time_delta_displayed": "0.420865000",
+ "frame.time_relative": "1891.065177000",
+ "frame.number": "1892",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f22",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009998",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44843",
+ "udp.dstport": "53",
+ "udp.port": "44843",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001187",
+ "udp.checksum.status": "2",
+ "udp.stream": "53"
+ },
+ "dns": {
+ "dns.response_in": "1893",
+ "dns.id": "0x0000048b",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.470880000",
+ "frame.time_delta": "0.000499000",
+ "frame.time_delta_displayed": "0.000499000",
+ "frame.time_relative": "1891.065676000",
+ "frame.number": "1893",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00002b76",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d44",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44843",
+ "udp.port": "53",
+ "udp.port": "44843",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "53"
+ },
+ "dns": {
+ "dns.response_to": "1892",
+ "dns.time": "0.000499000",
+ "dns.id": "0x0000048b",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.471684000",
+ "frame.time_delta": "0.000804000",
+ "frame.time_delta_displayed": "0.000804000",
+ "frame.time_relative": "1891.066480000",
+ "frame.number": "1894",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f23",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009997",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "40021",
+ "udp.dstport": "53",
+ "udp.port": "40021",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003f5c",
+ "udp.checksum.status": "2",
+ "udp.stream": "54"
+ },
+ "dns": {
+ "dns.response_in": "1895",
+ "dns.id": "0x0000048c",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.472192000",
+ "frame.time_delta": "0.000508000",
+ "frame.time_delta_displayed": "0.000508000",
+ "frame.time_relative": "1891.066988000",
+ "frame.number": "1895",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00002b77",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d33",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "40021",
+ "udp.port": "53",
+ "udp.port": "40021",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "54"
+ },
+ "dns": {
+ "dns.response_to": "1894",
+ "dns.time": "0.000508000",
+ "dns.id": "0x0000048c",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459871.689099000",
+ "frame.time_delta": "0.145237000",
+ "frame.time_delta_displayed": "268.216907000",
+ "frame.time_relative": "2159.283895000",
+ "frame.number": "2153",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000053f4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000064c9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49510",
+ "udp.dstport": "53",
+ "udp.port": "49510",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000097c4",
+ "udp.checksum.status": "2",
+ "udp.stream": "60"
+ },
+ "dns": {
+ "dns.response_in": "2154",
+ "dns.id": "0x0000048d",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459871.695550000",
+ "frame.time_delta": "0.006451000",
+ "frame.time_delta_displayed": "0.006451000",
+ "frame.time_relative": "2159.290346000",
+ "frame.number": "2154",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000851c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000031ec",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49510",
+ "udp.port": "53",
+ "udp.port": "49510",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "60"
+ },
+ "dns": {
+ "dns.response_to": "2153",
+ "dns.time": "0.006451000",
+ "dns.id": "0x0000048d",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13111",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "294",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4838",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7614",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3676",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.90"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4084",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4641",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "218",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.246"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2322",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.232"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4774",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508460771.705423000",
+ "frame.time_delta": "3.937809000",
+ "frame.time_delta_displayed": "900.009873000",
+ "frame.time_relative": "3059.300219000",
+ "frame.number": "2958",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000b28e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000062f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59344",
+ "udp.dstport": "53",
+ "udp.port": "59344",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007159",
+ "udp.checksum.status": "2",
+ "udp.stream": "72"
+ },
+ "dns": {
+ "dns.response_in": "2959",
+ "dns.id": "0x0000048e",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508460771.715857000",
+ "frame.time_delta": "0.010434000",
+ "frame.time_delta_displayed": "0.010434000",
+ "frame.time_relative": "3059.310653000",
+ "frame.number": "2959",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ca5c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ecab",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59344",
+ "udp.port": "53",
+ "udp.port": "59344",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "72"
+ },
+ "dns": {
+ "dns.response_to": "2958",
+ "dns.time": "0.010434000",
+ "dns.id": "0x0000048e",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "10613",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1095",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7816",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "316",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "500",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5409",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1157",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "954",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1018",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5792",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461671.725149000",
+ "frame.time_delta": "2.951813000",
+ "frame.time_delta_displayed": "900.009292000",
+ "frame.time_relative": "3959.319945000",
+ "frame.number": "3816",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ba5a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe62",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34709",
+ "udp.dstport": "53",
+ "udp.port": "34709",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d193",
+ "udp.checksum.status": "2",
+ "udp.stream": "84"
+ },
+ "dns": {
+ "dns.response_in": "3817",
+ "dns.id": "0x0000048f",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:07:51.735281000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461671.735281000",
+ "frame.time_delta": "0.010132000",
+ "frame.time_delta_displayed": "0.010132000",
+ "frame.time_relative": "3959.330077000",
+ "frame.number": "3817",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004a90",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006c78",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34709",
+ "udp.port": "53",
+ "udp.port": "34709",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "84"
+ },
+ "dns": {
+ "dns.response_to": "3816",
+ "dns.time": "0.010132000",
+ "dns.id": "0x0000048f",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "11311",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2496",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3038",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5814",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1876",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.90"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2284",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2841",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2419",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.93"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "522",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.232"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2974",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461976.852097000",
+ "frame.time_delta": "3.045152000",
+ "frame.time_delta_displayed": "305.116816000",
+ "frame.time_relative": "4264.446893000",
+ "frame.number": "5571",
+ "frame.len": "83",
+ "frame.cap_len": "83",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "69",
+ "ip.id": "0x0000f879",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c03c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46881",
+ "udp.dstport": "53",
+ "udp.port": "46881",
+ "udp.port": "53",
+ "udp.length": "49",
+ "udp.checksum": "0x0000d1bd",
+ "udp.checksum.status": "2",
+ "udp.stream": "89"
+ },
+ "dns": {
+ "dns.response_in": "5572",
+ "dns.id": "0x00000490",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461976.936468000",
+ "frame.time_delta": "0.084371000",
+ "frame.time_delta_displayed": "0.084371000",
+ "frame.time_relative": "4264.531264000",
+ "frame.number": "5572",
+ "frame.len": "297",
+ "frame.cap_len": "297",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "283",
+ "ip.id": "0x00008c6e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002b72",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46881",
+ "udp.port": "53",
+ "udp.port": "46881",
+ "udp.length": "263",
+ "udp.checksum": "0x0000830a",
+ "udp.checksum.status": "2",
+ "udp.stream": "89"
+ },
+ "dns": {
+ "dns.response_to": "5571",
+ "dns.time": "0.084371000",
+ "dns.id": "0x00000490",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
+ "dns.resp.name": "diagnostics.meethue.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "4",
+ "dns.a": "130.211.67.12"
+ }
+ },
+ "Authoritative nameservers": {
+ "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "18",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2611",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "62777",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "62777",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508462571.746902000",
+ "frame.time_delta": "2.037142000",
+ "frame.time_delta_displayed": "594.810434000",
+ "frame.time_relative": "4859.341698000",
+ "frame.number": "6175",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000f884",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c038",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54444",
+ "udp.dstport": "53",
+ "udp.port": "54444",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000847a",
+ "udp.checksum.status": "2",
+ "udp.stream": "97"
+ },
+ "dns": {
+ "dns.response_in": "6176",
+ "dns.id": "0x00000491",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508462571.772932000",
+ "frame.time_delta": "0.026030000",
+ "frame.time_delta_displayed": "0.026030000",
+ "frame.time_relative": "4859.367728000",
+ "frame.number": "6176",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004cfa",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006a0e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54444",
+ "udp.port": "53",
+ "udp.port": "54444",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "97"
+ },
+ "dns": {
+ "dns.response_to": "6175",
+ "dns.time": "0.026030000",
+ "dns.id": "0x00000491",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8813",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3296",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6016",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6518",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2701",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3609",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7358",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3156",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5219",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3992",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.624384000",
+ "frame.time_delta": "0.266457000",
+ "frame.time_delta_displayed": "629.851452000",
+ "frame.time_relative": "5489.219180000",
+ "frame.number": "6744",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf31",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f988",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37292",
+ "udp.dstport": "53",
+ "udp.port": "37292",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002eff",
+ "udp.checksum.status": "2",
+ "udp.stream": "102"
+ },
+ "dns": {
+ "dns.response_in": "6745",
+ "dns.id": "0x00000492",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.626468000",
+ "frame.time_delta": "0.002084000",
+ "frame.time_delta_displayed": "0.002084000",
+ "frame.time_relative": "5489.221264000",
+ "frame.number": "6745",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00003f71",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000790f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37292",
+ "udp.port": "53",
+ "udp.port": "37292",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "102"
+ },
+ "dns": {
+ "dns.response_to": "6744",
+ "dns.time": "0.002084000",
+ "dns.id": "0x00000492",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.627301000",
+ "frame.time_delta": "0.000833000",
+ "frame.time_delta_displayed": "0.000833000",
+ "frame.time_relative": "5489.222097000",
+ "frame.number": "6746",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf32",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f987",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54874",
+ "udp.dstport": "53",
+ "udp.port": "54874",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000550",
+ "udp.checksum.status": "2",
+ "udp.stream": "103"
+ },
+ "dns": {
+ "dns.response_in": "6747",
+ "dns.id": "0x00000493",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.628812000",
+ "frame.time_delta": "0.001511000",
+ "frame.time_delta_displayed": "0.001511000",
+ "frame.time_relative": "5489.223608000",
+ "frame.number": "6747",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00003f72",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000787a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54874",
+ "udp.port": "53",
+ "udp.port": "54874",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "103"
+ },
+ "dns": {
+ "dns.response_to": "6746",
+ "dns.time": "0.001511000",
+ "dns.id": "0x00000493",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2985",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1386",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "61552",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "61552",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.044352000",
+ "frame.time_delta": "0.001668000",
+ "frame.time_delta_displayed": "0.415540000",
+ "frame.time_relative": "5489.639148000",
+ "frame.number": "6763",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf41",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f978",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55176",
+ "udp.dstport": "53",
+ "udp.port": "55176",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000e920",
+ "udp.checksum.status": "2",
+ "udp.stream": "104"
+ },
+ "dns": {
+ "dns.response_in": "6764",
+ "dns.id": "0x00000494",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.044953000",
+ "frame.time_delta": "0.000601000",
+ "frame.time_delta_displayed": "0.000601000",
+ "frame.time_relative": "5489.639749000",
+ "frame.number": "6764",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00003f96",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007924",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55176",
+ "udp.port": "53",
+ "udp.port": "55176",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "104"
+ },
+ "dns": {
+ "dns.response_to": "6763",
+ "dns.time": "0.000601000",
+ "dns.id": "0x00000494",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.045769000",
+ "frame.time_delta": "0.000816000",
+ "frame.time_delta_displayed": "0.000816000",
+ "frame.time_relative": "5489.640565000",
+ "frame.number": "6765",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf42",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f977",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60660",
+ "udp.dstport": "53",
+ "udp.port": "60660",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000eeb3",
+ "udp.checksum.status": "2",
+ "udp.stream": "105"
+ },
+ "dns": {
+ "dns.response_in": "6766",
+ "dns.id": "0x00000495",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.046379000",
+ "frame.time_delta": "0.000610000",
+ "frame.time_delta_displayed": "0.000610000",
+ "frame.time_relative": "5489.641175000",
+ "frame.number": "6766",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00003f97",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007913",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60660",
+ "udp.port": "53",
+ "udp.port": "60660",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "105"
+ },
+ "dns": {
+ "dns.response_to": "6765",
+ "dns.time": "0.000610000",
+ "dns.id": "0x00000495",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2984",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463471.778249000",
+ "frame.time_delta": "3.324074000",
+ "frame.time_delta_displayed": "269.731870000",
+ "frame.time_relative": "5759.373045000",
+ "frame.number": "7048",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001dd7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009ae6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36809",
+ "udp.dstport": "53",
+ "udp.port": "36809",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c958",
+ "udp.checksum.status": "2",
+ "udp.stream": "113"
+ },
+ "dns": {
+ "dns.response_in": "7049",
+ "dns.id": "0x00000496",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463471.799436000",
+ "frame.time_delta": "0.021187000",
+ "frame.time_delta_displayed": "0.021187000",
+ "frame.time_relative": "5759.394232000",
+ "frame.number": "7049",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000431d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000073eb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36809",
+ "udp.port": "53",
+ "udp.port": "36809",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "113"
+ },
+ "dns": {
+ "dns.response_to": "7048",
+ "dns.time": "0.021187000",
+ "dns.id": "0x00000496",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7913",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2396",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5116",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5618",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1801",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2709",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6458",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2256",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4319",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3092",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508464371.807701000",
+ "frame.time_delta": "0.379478000",
+ "frame.time_delta_displayed": "900.008265000",
+ "frame.time_relative": "6659.402497000",
+ "frame.number": "7913",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00009e02",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001abb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47598",
+ "udp.dstport": "53",
+ "udp.port": "47598",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009f32",
+ "udp.checksum.status": "2",
+ "udp.stream": "123"
+ },
+ "dns": {
+ "dns.response_in": "7914",
+ "dns.id": "0x00000497",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508464371.814443000",
+ "frame.time_delta": "0.006742000",
+ "frame.time_delta_displayed": "0.006742000",
+ "frame.time_relative": "6659.409239000",
+ "frame.number": "7914",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x0000e205",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d530",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47598",
+ "udp.port": "53",
+ "udp.port": "47598",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "123"
+ },
+ "dns": {
+ "dns.response_to": "7913",
+ "dns.time": "0.006742000",
+ "dns.id": "0x00000497",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8611",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3797",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "338",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3114",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3177",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5586",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3720",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.234"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3824",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508465271.823654000",
+ "frame.time_delta": "3.748666000",
+ "frame.time_delta_displayed": "900.009211000",
+ "frame.time_relative": "7559.418450000",
+ "frame.number": "8671",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000e910",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000cfac",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33804",
+ "udp.dstport": "53",
+ "udp.port": "33804",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d513",
+ "udp.checksum.status": "2",
+ "udp.stream": "132"
+ },
+ "dns": {
+ "dns.response_in": "8672",
+ "dns.id": "0x00000498",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508465271.884431000",
+ "frame.time_delta": "0.060777000",
+ "frame.time_delta_displayed": "0.060777000",
+ "frame.time_relative": "7559.479227000",
+ "frame.number": "8672",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004cdb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006a2d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33804",
+ "udp.port": "53",
+ "udp.port": "33804",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "132"
+ },
+ "dns": {
+ "dns.response_to": "8671",
+ "dns.time": "0.060777000",
+ "dns.id": "0x00000498",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6113",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "596",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3316",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3818",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "909",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4658",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "456",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2519",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1292",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466171.895282000",
+ "frame.time_delta": "7.109343000",
+ "frame.time_delta_displayed": "900.010851000",
+ "frame.time_relative": "8459.490078000",
+ "frame.number": "9475",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ffbc",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b900",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33283",
+ "udp.dstport": "53",
+ "udp.port": "33283",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d71b",
+ "udp.checksum.status": "2",
+ "udp.stream": "144"
+ },
+ "dns": {
+ "dns.response_in": "9476",
+ "dns.id": "0x00000499",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466171.906565000",
+ "frame.time_delta": "0.011283000",
+ "frame.time_delta_displayed": "0.011283000",
+ "frame.time_relative": "8459.501361000",
+ "frame.number": "9476",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000a915",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000df3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33283",
+ "udp.port": "53",
+ "udp.port": "33283",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "144"
+ },
+ "dns": {
+ "dns.response_to": "9475",
+ "dns.time": "0.011283000",
+ "dns.id": "0x00000499",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6811",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1997",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6539",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1314",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1377",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3786",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6342",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1920",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.234"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2024",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4475",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.239450000",
+ "frame.time_delta": "4.788057000",
+ "frame.time_delta_displayed": "630.332885000",
+ "frame.time_relative": "9089.834246000",
+ "frame.number": "10050",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000751c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000439e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51418",
+ "udp.dstport": "53",
+ "udp.port": "51418",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f7c8",
+ "udp.checksum.status": "2",
+ "udp.stream": "151"
+ },
+ "dns": {
+ "dns.response_in": "10051",
+ "dns.id": "0x0000049a",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.241425000",
+ "frame.time_delta": "0.001975000",
+ "frame.time_delta_displayed": "0.001975000",
+ "frame.time_relative": "9089.836221000",
+ "frame.number": "10051",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x000030bf",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087c1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51418",
+ "udp.port": "53",
+ "udp.port": "51418",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "151"
+ },
+ "dns": {
+ "dns.response_to": "10050",
+ "dns.time": "0.001975000",
+ "dns.id": "0x0000049a",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.242432000",
+ "frame.time_delta": "0.001007000",
+ "frame.time_delta_displayed": "0.001007000",
+ "frame.time_relative": "9089.837228000",
+ "frame.number": "10052",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000751d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000439d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60729",
+ "udp.dstport": "53",
+ "udp.port": "60729",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ee68",
+ "udp.checksum.status": "2",
+ "udp.stream": "152"
+ },
+ "dns": {
+ "dns.response_in": "10053",
+ "dns.id": "0x0000049b",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.244090000",
+ "frame.time_delta": "0.001658000",
+ "frame.time_delta_displayed": "0.001658000",
+ "frame.time_relative": "9089.838886000",
+ "frame.number": "10053",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x000030c0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000872c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60729",
+ "udp.port": "53",
+ "udp.port": "60729",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "152"
+ },
+ "dns": {
+ "dns.response_to": "10052",
+ "dns.time": "0.001658000",
+ "dns.id": "0x0000049b",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "147808",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172526",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172526",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151427",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144000",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144000",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.660387000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.660387000",
+ "frame.time_delta": "0.001051000",
+ "frame.time_delta_displayed": "0.416297000",
+ "frame.time_relative": "9090.255183000",
+ "frame.number": "10069",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007547",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004373",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46220",
+ "udp.dstport": "53",
+ "udp.port": "46220",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000c15",
+ "udp.checksum.status": "2",
+ "udp.stream": "153"
+ },
+ "dns": {
+ "dns.response_in": "10070",
+ "dns.id": "0x0000049c",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.660954000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.660954000",
+ "frame.time_delta": "0.000567000",
+ "frame.time_delta_displayed": "0.000567000",
+ "frame.time_relative": "9090.255750000",
+ "frame.number": "10070",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000030d6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087e4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46220",
+ "udp.port": "53",
+ "udp.port": "46220",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "153"
+ },
+ "dns": {
+ "dns.response_to": "10069",
+ "dns.time": "0.000567000",
+ "dns.id": "0x0000049c",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.661749000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.661749000",
+ "frame.time_delta": "0.000795000",
+ "frame.time_delta_displayed": "0.000795000",
+ "frame.time_relative": "9090.256545000",
+ "frame.number": "10071",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007548",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004372",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51255",
+ "udp.dstport": "53",
+ "udp.port": "51255",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001369",
+ "udp.checksum.status": "2",
+ "udp.stream": "154"
+ },
+ "dns": {
+ "dns.response_in": "10072",
+ "dns.id": "0x0000049d",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.662301000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.662301000",
+ "frame.time_delta": "0.000552000",
+ "frame.time_delta_displayed": "0.000552000",
+ "frame.time_relative": "9090.257097000",
+ "frame.number": "10072",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x000030d7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087d3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51255",
+ "udp.port": "53",
+ "udp.port": "51255",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "154"
+ },
+ "dns": {
+ "dns.response_to": "10071",
+ "dns.time": "0.000552000",
+ "dns.id": "0x0000049d",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:37:51.914199000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467071.914199000",
+ "frame.time_delta": "0.065381000",
+ "frame.time_delta_displayed": "269.251898000",
+ "frame.time_relative": "9359.508995000",
+ "frame.number": "10287",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000089fd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002ec0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "41837",
+ "udp.dstport": "53",
+ "udp.port": "41837",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b5ac",
+ "udp.checksum.status": "2",
+ "udp.stream": "155"
+ },
+ "dns": {
+ "dns.response_in": "10288",
+ "dns.id": "0x0000049e",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:37:51.978100000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467071.978100000",
+ "frame.time_delta": "0.063901000",
+ "frame.time_delta_displayed": "0.063901000",
+ "frame.time_relative": "9359.572896000",
+ "frame.number": "10288",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00008e7d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000288b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "41837",
+ "udp.port": "53",
+ "udp.port": "41837",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "155"
+ },
+ "dns": {
+ "dns.response_to": "10287",
+ "dns.time": "0.063901000",
+ "dns.id": "0x0000049e",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "117",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4313",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1516",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2018",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2202",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5110",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2858",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2660",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "719",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5496",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:52:51.985173000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467971.985173000",
+ "frame.time_delta": "0.373714000",
+ "frame.time_delta_displayed": "900.007073000",
+ "frame.time_relative": "10259.579969000",
+ "frame.number": "11065",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000b24b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000672",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33682",
+ "udp.dstport": "53",
+ "udp.port": "33682",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d586",
+ "udp.checksum.status": "2",
+ "udp.stream": "163"
+ },
+ "dns": {
+ "dns.response_in": "11066",
+ "dns.id": "0x0000049f",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:52:52.048951000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467972.048951000",
+ "frame.time_delta": "0.063778000",
+ "frame.time_delta_displayed": "0.063778000",
+ "frame.time_relative": "10259.643747000",
+ "frame.number": "11066",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00008dbf",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002949",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33682",
+ "udp.port": "53",
+ "udp.port": "33682",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "163"
+ },
+ "dns": {
+ "dns.response_to": "11065",
+ "dns.time": "0.063778000",
+ "dns.id": "0x0000049f",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "117",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3413",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1898",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "615",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1117",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1301",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4209",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1957",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1759",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5819",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4595",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:07:52.060309000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508468872.060309000",
+ "frame.time_delta": "0.486449000",
+ "frame.time_delta_displayed": "900.011358000",
+ "frame.time_relative": "11159.655105000",
+ "frame.number": "11855",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000fdee",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bace",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49312",
+ "udp.dstport": "53",
+ "udp.port": "49312",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009877",
+ "udp.checksum.status": "2",
+ "udp.stream": "171"
+ },
+ "dns": {
+ "dns.response_in": "11856",
+ "dns.id": "0x000004a0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:07:52.067203000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508468872.067203000",
+ "frame.time_delta": "0.006894000",
+ "frame.time_delta_displayed": "0.006894000",
+ "frame.time_relative": "11159.661999000",
+ "frame.number": "11856",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x0000b190",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000005a6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49312",
+ "udp.port": "53",
+ "udp.port": "49312",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "171"
+ },
+ "dns": {
+ "dns.response_to": "11855",
+ "dns.time": "0.006894000",
+ "dns.id": "0x000004a0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4110",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3838",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6614",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2677",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1085",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3641",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5325",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:22:52.076126000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508469772.076126000",
+ "frame.time_delta": "0.590869000",
+ "frame.time_delta_displayed": "900.008923000",
+ "frame.time_relative": "12059.670922000",
+ "frame.number": "12657",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000a2db",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000015e2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53703",
+ "udp.dstport": "53",
+ "udp.port": "53703",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000874f",
+ "udp.checksum.status": "2",
+ "udp.stream": "177"
+ },
+ "dns": {
+ "dns.response_in": "12658",
+ "dns.id": "0x000004a1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:22:52.112051000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508469772.112051000",
+ "frame.time_delta": "0.035925000",
+ "frame.time_delta_displayed": "0.035925000",
+ "frame.time_relative": "12059.706847000",
+ "frame.number": "12658",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ccc6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea41",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53703",
+ "udp.port": "53",
+ "udp.port": "53703",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "177"
+ },
+ "dns": {
+ "dns.response_to": "12657",
+ "dns.time": "0.035925000",
+ "dns.id": "0x000004a1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1612",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "98",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6816",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7318",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3503",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.200"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2409",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3960",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4019",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2795",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.842206000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.842206000",
+ "frame.time_delta": "0.384116000",
+ "frame.time_delta_displayed": "630.730155000",
+ "frame.time_relative": "12690.437002000",
+ "frame.number": "13303",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd6f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db4a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44754",
+ "udp.dstport": "53",
+ "udp.port": "44754",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000011c9",
+ "udp.checksum.status": "2",
+ "udp.stream": "184"
+ },
+ "dns": {
+ "dns.response_in": "13304",
+ "dns.id": "0x000004a2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.844183000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.844183000",
+ "frame.time_delta": "0.001977000",
+ "frame.time_delta_displayed": "0.001977000",
+ "frame.time_relative": "12690.438979000",
+ "frame.number": "13304",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00000246",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b63a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44754",
+ "udp.port": "53",
+ "udp.port": "44754",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "184"
+ },
+ "dns": {
+ "dns.response_to": "13303",
+ "dns.time": "0.001977000",
+ "dns.id": "0x000004a2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.846468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.846468000",
+ "frame.time_delta": "0.002285000",
+ "frame.time_delta_displayed": "0.002285000",
+ "frame.time_relative": "12690.441264000",
+ "frame.number": "13305",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd70",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db49",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35982",
+ "udp.dstport": "53",
+ "udp.port": "35982",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00004f0c",
+ "udp.checksum.status": "2",
+ "udp.stream": "185"
+ },
+ "dns": {
+ "dns.response_in": "13306",
+ "dns.id": "0x000004a3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.848081000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.848081000",
+ "frame.time_delta": "0.001613000",
+ "frame.time_delta_displayed": "0.001613000",
+ "frame.time_relative": "12690.442877000",
+ "frame.number": "13306",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00000247",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b5a5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35982",
+ "udp.port": "53",
+ "udp.port": "35982",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "185"
+ },
+ "dns": {
+ "dns.response_to": "13305",
+ "dns.time": "0.001613000",
+ "dns.id": "0x000004a3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3161",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "645",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "645",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "645",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "856",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "164374",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "164374",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2117",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "54351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "54351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.264573000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.264573000",
+ "frame.time_delta": "0.001337000",
+ "frame.time_delta_displayed": "0.416492000",
+ "frame.time_relative": "12690.859369000",
+ "frame.number": "13322",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd71",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db48",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "56095",
+ "udp.dstport": "53",
+ "udp.port": "56095",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000e579",
+ "udp.checksum.status": "2",
+ "udp.stream": "186"
+ },
+ "dns": {
+ "dns.response_in": "13323",
+ "dns.id": "0x000004a4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.265148000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.265148000",
+ "frame.time_delta": "0.000575000",
+ "frame.time_delta_displayed": "0.000575000",
+ "frame.time_relative": "12690.859944000",
+ "frame.number": "13323",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000026e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b64c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "56095",
+ "udp.port": "53",
+ "udp.port": "56095",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "186"
+ },
+ "dns": {
+ "dns.response_to": "13322",
+ "dns.time": "0.000575000",
+ "dns.id": "0x000004a4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.266041000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.266041000",
+ "frame.time_delta": "0.000893000",
+ "frame.time_delta_displayed": "0.000893000",
+ "frame.time_relative": "12690.860837000",
+ "frame.number": "13324",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd72",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db47",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "41786",
+ "udp.dstport": "53",
+ "udp.port": "41786",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000385e",
+ "udp.checksum.status": "2",
+ "udp.stream": "187"
+ },
+ "dns": {
+ "dns.response_in": "13325",
+ "dns.id": "0x000004a5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.266579000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.266579000",
+ "frame.time_delta": "0.000538000",
+ "frame.time_delta_displayed": "0.000538000",
+ "frame.time_relative": "12690.861375000",
+ "frame.number": "13325",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000026f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b63b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "41786",
+ "udp.port": "53",
+ "udp.port": "41786",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "187"
+ },
+ "dns": {
+ "dns.response_to": "13324",
+ "dns.time": "0.000538000",
+ "dns.id": "0x000004a5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3160",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:37:52.120059000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470672.120059000",
+ "frame.time_delta": "0.625668000",
+ "frame.time_delta_displayed": "268.853480000",
+ "frame.time_relative": "12959.714855000",
+ "frame.number": "13582",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00002649",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009274",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54738",
+ "udp.dstport": "53",
+ "udp.port": "54738",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000833f",
+ "udp.checksum.status": "2",
+ "udp.stream": "188"
+ },
+ "dns": {
+ "dns.response_in": "13583",
+ "dns.id": "0x000004a6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:37:52.140960000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470672.140960000",
+ "frame.time_delta": "0.020901000",
+ "frame.time_delta_displayed": "0.020901000",
+ "frame.time_relative": "12959.735756000",
+ "frame.number": "13583",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004310",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000073f8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54738",
+ "udp.port": "53",
+ "udp.port": "54738",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "188"
+ },
+ "dns": {
+ "dns.response_to": "13582",
+ "dns.time": "0.020901000",
+ "dns.id": "0x000004a6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "712",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3199",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5916",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6418",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2603",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.200"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1509",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7258",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.206"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3060",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3119",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1895",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:52:52.147811000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508471572.147811000",
+ "frame.time_delta": "0.719415000",
+ "frame.time_delta_displayed": "900.006851000",
+ "frame.time_relative": "13859.742607000",
+ "frame.number": "14361",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000e5bd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d2ff",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55123",
+ "udp.dstport": "53",
+ "udp.port": "55123",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000081bd",
+ "udp.checksum.status": "2",
+ "udp.stream": "197"
+ },
+ "dns": {
+ "dns.response_in": "14362",
+ "dns.id": "0x000004a7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:52:52.212985000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508471572.212985000",
+ "frame.time_delta": "0.065174000",
+ "frame.time_delta_displayed": "0.065174000",
+ "frame.time_relative": "13859.807781000",
+ "frame.number": "14362",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00004fa4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006792",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55123",
+ "udp.port": "53",
+ "udp.port": "55123",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "197"
+ },
+ "dns": {
+ "dns.response_to": "14361",
+ "dns.time": "0.065174000",
+ "dns.id": "0x000004a7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "117",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21417",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2299",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5016",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5518",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1703",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.200"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "609",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6358",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.206"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2160",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2219",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:07:52.219360000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508472472.219360000",
+ "frame.time_delta": "0.606095000",
+ "frame.time_delta_displayed": "900.006375000",
+ "frame.time_relative": "14759.814156000",
+ "frame.number": "15111",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c5af",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f30d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44889",
+ "udp.dstport": "53",
+ "udp.port": "44889",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a9b6",
+ "udp.checksum.status": "2",
+ "udp.stream": "205"
+ },
+ "dns": {
+ "dns.response_in": "15112",
+ "dns.id": "0x000004a8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:07:52.306389000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508472472.306389000",
+ "frame.time_delta": "0.087029000",
+ "frame.time_delta_displayed": "0.087029000",
+ "frame.time_relative": "14759.901185000",
+ "frame.number": "15112",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000a365",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000013a3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44889",
+ "udp.port": "53",
+ "udp.port": "44889",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "205"
+ },
+ "dns": {
+ "dns.response_to": "15111",
+ "dns.time": "0.087029000",
+ "dns.id": "0x000004a8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "510",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3699",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "238",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3014",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3078",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3486",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "41",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3621",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1725",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4177",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:22:52.395472000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508473372.395472000",
+ "frame.time_delta": "3.711619000",
+ "frame.time_delta_displayed": "900.089083000",
+ "frame.time_relative": "15659.990268000",
+ "frame.number": "15884",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000043a6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007517",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53892",
+ "udp.dstport": "53",
+ "udp.port": "53892",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000868a",
+ "udp.checksum.status": "2",
+ "udp.stream": "212"
+ },
+ "dns": {
+ "dns.response_in": "15885",
+ "dns.id": "0x000004a9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:22:52.423942000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508473372.423942000",
+ "frame.time_delta": "0.028470000",
+ "frame.time_delta_displayed": "0.028470000",
+ "frame.time_relative": "15660.018738000",
+ "frame.number": "15885",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f1a1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c566",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53892",
+ "udp.port": "53",
+ "udp.port": "53892",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "212"
+ },
+ "dns": {
+ "dns.response_to": "15884",
+ "dns.time": "0.028470000",
+ "dns.id": "0x000004a9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21258",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7339",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2114",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2178",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2586",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7142",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2721",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "825",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3277",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.396307000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.396307000",
+ "frame.time_delta": "4.678140000",
+ "frame.time_delta_displayed": "630.972365000",
+ "frame.time_relative": "16290.991103000",
+ "frame.number": "16442",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096a0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000221a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37663",
+ "udp.dstport": "53",
+ "udp.port": "37663",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002d74",
+ "udp.checksum.status": "2",
+ "udp.stream": "215"
+ },
+ "dns": {
+ "dns.response_in": "16443",
+ "dns.id": "0x000004aa",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.398249000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.398249000",
+ "frame.time_delta": "0.001942000",
+ "frame.time_delta_displayed": "0.001942000",
+ "frame.time_relative": "16290.993045000",
+ "frame.number": "16443",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00008616",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000326a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37663",
+ "udp.port": "53",
+ "udp.port": "37663",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "215"
+ },
+ "dns": {
+ "dns.response_to": "16442",
+ "dns.time": "0.001942000",
+ "dns.id": "0x000004aa",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.399079000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.399079000",
+ "frame.time_delta": "0.000830000",
+ "frame.time_delta_displayed": "0.000830000",
+ "frame.time_relative": "16290.993875000",
+ "frame.number": "16444",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096a1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002219",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33353",
+ "udp.dstport": "53",
+ "udp.port": "33353",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00005949",
+ "udp.checksum.status": "2",
+ "udp.stream": "216"
+ },
+ "dns": {
+ "dns.response_in": "16445",
+ "dns.id": "0x000004ab",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.400649000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.400649000",
+ "frame.time_delta": "0.001570000",
+ "frame.time_delta_displayed": "0.001570000",
+ "frame.time_relative": "16290.995445000",
+ "frame.number": "16445",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00008617",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000031d5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33353",
+ "udp.port": "53",
+ "udp.port": "33353",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "216"
+ },
+ "dns": {
+ "dns.response_to": "16444",
+ "dns.time": "0.001570000",
+ "dns.id": "0x000004ab",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "140607",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "165325",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "165325",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144226",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "136799",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "136799",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.818793000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.818793000",
+ "frame.time_delta": "0.002460000",
+ "frame.time_delta_displayed": "0.418144000",
+ "frame.time_relative": "16291.413589000",
+ "frame.number": "16461",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096bd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000021fd",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "52555",
+ "udp.dstport": "53",
+ "udp.port": "52555",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f345",
+ "udp.checksum.status": "2",
+ "udp.stream": "217"
+ },
+ "dns": {
+ "dns.response_in": "16462",
+ "dns.id": "0x000004ac",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.819379000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.819379000",
+ "frame.time_delta": "0.000586000",
+ "frame.time_delta_displayed": "0.000586000",
+ "frame.time_relative": "16291.414175000",
+ "frame.number": "16462",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000861c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000329e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "52555",
+ "udp.port": "53",
+ "udp.port": "52555",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "217"
+ },
+ "dns": {
+ "dns.response_to": "16461",
+ "dns.time": "0.000586000",
+ "dns.id": "0x000004ac",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.820220000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.820220000",
+ "frame.time_delta": "0.000841000",
+ "frame.time_delta_displayed": "0.000841000",
+ "frame.time_relative": "16291.415016000",
+ "frame.number": "16463",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096be",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000021fc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58656",
+ "udp.dstport": "53",
+ "udp.port": "58656",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f66f",
+ "udp.checksum.status": "2",
+ "udp.stream": "218"
+ },
+ "dns": {
+ "dns.response_in": "16464",
+ "dns.id": "0x000004ad",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.820779000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.820779000",
+ "frame.time_delta": "0.000559000",
+ "frame.time_delta_displayed": "0.000559000",
+ "frame.time_relative": "16291.415575000",
+ "frame.number": "16464",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000861d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000328d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58656",
+ "udp.port": "53",
+ "udp.port": "58656",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "218"
+ },
+ "dns": {
+ "dns.response_to": "16463",
+ "dns.time": "0.000559000",
+ "dns.id": "0x000004ad",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:37:52.430247000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474272.430247000",
+ "frame.time_delta": "3.692969000",
+ "frame.time_delta_displayed": "268.609468000",
+ "frame.time_relative": "16560.025043000",
+ "frame.number": "16697",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000e609",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d2b3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47128",
+ "udp.dstport": "53",
+ "udp.port": "47128",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a0f1",
+ "udp.checksum.status": "2",
+ "udp.stream": "221"
+ },
+ "dns": {
+ "dns.response_in": "16698",
+ "dns.id": "0x000004ae",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:37:52.445842000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474272.445842000",
+ "frame.time_delta": "0.015595000",
+ "frame.time_delta_displayed": "0.015595000",
+ "frame.time_relative": "16560.040638000",
+ "frame.number": "16698",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000be56",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f8b1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47128",
+ "udp.port": "53",
+ "udp.port": "47128",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "221"
+ },
+ "dns": {
+ "dns.response_to": "16697",
+ "dns.time": "0.015595000",
+ "dns.id": "0x000004ae",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20358",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1899",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6439",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1214",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1278",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1686",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6242",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1821",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5927",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2377",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:52:52.450308000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508475172.450308000",
+ "frame.time_delta": "6.313074000",
+ "frame.time_delta_displayed": "900.004466000",
+ "frame.time_relative": "17460.045104000",
+ "frame.number": "17472",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00002b9d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d20",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58502",
+ "udp.dstport": "53",
+ "udp.port": "58502",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007482",
+ "udp.checksum.status": "2",
+ "udp.stream": "229"
+ },
+ "dns": {
+ "dns.response_in": "17473",
+ "dns.id": "0x000004af",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:52:52.456608000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508475172.456608000",
+ "frame.time_delta": "0.006300000",
+ "frame.time_delta_displayed": "0.006300000",
+ "frame.time_relative": "17460.051404000",
+ "frame.number": "17473",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000011ad",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a55b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58502",
+ "udp.port": "53",
+ "udp.port": "58502",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "229"
+ },
+ "dns": {
+ "dns.response_to": "17472",
+ "dns.time": "0.006300000",
+ "dns.id": "0x000004af",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "19458",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "999",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5539",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "314",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "378",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "786",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5342",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "921",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5027",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1477",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:07:52.464775000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476072.464775000",
+ "frame.time_delta": "4.206559000",
+ "frame.time_delta_displayed": "900.008167000",
+ "frame.time_relative": "18360.059571000",
+ "frame.number": "18263",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00005c8a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005c33",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58930",
+ "udp.dstport": "53",
+ "udp.port": "58930",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000072d5",
+ "udp.checksum.status": "2",
+ "udp.stream": "235"
+ },
+ "dns": {
+ "dns.response_in": "18264",
+ "dns.id": "0x000004b0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:07:52.473763000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476072.473763000",
+ "frame.time_delta": "0.008988000",
+ "frame.time_delta_displayed": "0.008988000",
+ "frame.time_relative": "18360.068559000",
+ "frame.number": "18264",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000052f7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006411",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58930",
+ "udp.port": "53",
+ "udp.port": "58930",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "235"
+ },
+ "dns": {
+ "dns.response_to": "18263",
+ "dns.time": "0.008988000",
+ "dns.id": "0x000004b0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "18558",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "99",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4639",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7415",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3479",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.129"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5887",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4442",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4127",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "577",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:22:52.482011000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476972.482011000",
+ "frame.time_delta": "2.079982000",
+ "frame.time_delta_displayed": "900.008248000",
+ "frame.time_relative": "19260.076807000",
+ "frame.number": "19082",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00007f92",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000392b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "48250",
+ "udp.dstport": "53",
+ "udp.port": "48250",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009c8c",
+ "udp.checksum.status": "2",
+ "udp.stream": "242"
+ },
+ "dns": {
+ "dns.response_in": "19083",
+ "dns.id": "0x000004b1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:22:52.488375000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476972.488375000",
+ "frame.time_delta": "0.006364000",
+ "frame.time_delta_displayed": "0.006364000",
+ "frame.time_relative": "19260.083171000",
+ "frame.number": "19083",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000024f5",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009213",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "48250",
+ "udp.port": "53",
+ "udp.port": "48250",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "242"
+ },
+ "dns": {
+ "dns.response_to": "19082",
+ "dns.time": "0.006364000",
+ "dns.id": "0x000004b1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "17658",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3200",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3739",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6515",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2579",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.129"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4987",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3542",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3122",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3227",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5678",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.968209000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.968209000",
+ "frame.time_delta": "2.368838000",
+ "frame.time_delta_displayed": "629.479834000",
+ "frame.time_relative": "19889.563005000",
+ "frame.number": "19759",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048a9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007011",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "48476",
+ "udp.dstport": "53",
+ "udp.port": "48476",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000032f",
+ "udp.checksum.status": "2",
+ "udp.stream": "248"
+ },
+ "dns": {
+ "dns.response_in": "19760",
+ "dns.id": "0x000004b2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.970113000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.970113000",
+ "frame.time_delta": "0.001904000",
+ "frame.time_delta_displayed": "0.001904000",
+ "frame.time_relative": "19889.564909000",
+ "frame.number": "19760",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00006934",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f4c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "48476",
+ "udp.port": "53",
+ "udp.port": "48476",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "248"
+ },
+ "dns": {
+ "dns.response_to": "19759",
+ "dns.time": "0.001904000",
+ "dns.id": "0x000004b2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.971590000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.971590000",
+ "frame.time_delta": "0.001477000",
+ "frame.time_delta_displayed": "0.001477000",
+ "frame.time_relative": "19889.566386000",
+ "frame.number": "19761",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048aa",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007010",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60103",
+ "udp.dstport": "53",
+ "udp.port": "60103",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f0c2",
+ "udp.checksum.status": "2",
+ "udp.stream": "249"
+ },
+ "dns": {
+ "dns.response_in": "19762",
+ "dns.id": "0x000004b3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.973429000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.973429000",
+ "frame.time_delta": "0.001839000",
+ "frame.time_delta_displayed": "0.001839000",
+ "frame.time_relative": "19889.568225000",
+ "frame.number": "19762",
+ "frame.len": "269",
+ "frame.cap_len": "269",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "255",
+ "ip.id": "0x00006935",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004ec7",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60103",
+ "udp.port": "53",
+ "udp.port": "60103",
+ "udp.length": "235",
+ "udp.checksum": "0x000082ee",
+ "udp.checksum.status": "2",
+ "udp.stream": "249"
+ },
+ "dns": {
+ "dns.response_to": "19761",
+ "dns.time": "0.001839000",
+ "dns.id": "0x000004b3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "5",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157175",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157175",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2218",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "47152",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "47152",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.393601000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.393601000",
+ "frame.time_delta": "0.000661000",
+ "frame.time_delta_displayed": "0.420172000",
+ "frame.time_relative": "19889.988397000",
+ "frame.number": "19778",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048c9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006ff1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58716",
+ "udp.dstport": "53",
+ "udp.port": "58716",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000db2c",
+ "udp.checksum.status": "2",
+ "udp.stream": "250"
+ },
+ "dns": {
+ "dns.response_in": "19779",
+ "dns.id": "0x000004b4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.394208000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.394208000",
+ "frame.time_delta": "0.000607000",
+ "frame.time_delta_displayed": "0.000607000",
+ "frame.time_relative": "19889.989004000",
+ "frame.number": "19779",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00006951",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f69",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58716",
+ "udp.port": "53",
+ "udp.port": "58716",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "250"
+ },
+ "dns": {
+ "dns.response_to": "19778",
+ "dns.time": "0.000607000",
+ "dns.id": "0x000004b4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.395034000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.395034000",
+ "frame.time_delta": "0.000826000",
+ "frame.time_delta_displayed": "0.000826000",
+ "frame.time_relative": "19889.989830000",
+ "frame.number": "19780",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048ca",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006ff0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58570",
+ "udp.dstport": "53",
+ "udp.port": "58570",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f6bd",
+ "udp.checksum.status": "2",
+ "udp.stream": "251"
+ },
+ "dns": {
+ "dns.response_in": "19781",
+ "dns.id": "0x000004b5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.395453000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.395453000",
+ "frame.time_delta": "0.000419000",
+ "frame.time_delta_displayed": "0.000419000",
+ "frame.time_relative": "19889.990249000",
+ "frame.number": "19781",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00006952",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f58",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58570",
+ "udp.port": "53",
+ "udp.port": "58570",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "251"
+ },
+ "dns": {
+ "dns.response_to": "19780",
+ "dns.time": "0.000419000",
+ "dns.id": "0x000004b5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:37:52.496004000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477872.496004000",
+ "frame.time_delta": "7.655864000",
+ "frame.time_delta_displayed": "270.100551000",
+ "frame.time_relative": "20160.090800000",
+ "frame.number": "20012",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00007136",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004787",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57235",
+ "udp.dstport": "53",
+ "udp.port": "57235",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000796e",
+ "udp.checksum.status": "2",
+ "udp.stream": "252"
+ },
+ "dns": {
+ "dns.response_in": "20013",
+ "dns.id": "0x000004b6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:37:52.557890000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477872.557890000",
+ "frame.time_delta": "0.061886000",
+ "frame.time_delta_displayed": "0.061886000",
+ "frame.time_relative": "20160.152686000",
+ "frame.number": "20013",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00007974",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003dc2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57235",
+ "udp.port": "53",
+ "udp.port": "57235",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "252"
+ },
+ "dns": {
+ "dns.response_to": "20012",
+ "dns.time": "0.061886000",
+ "dns.id": "0x000004b6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "118",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "15117",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6717",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7220",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3405",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "311",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "58",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.206"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3867",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.69"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1920",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.204"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:52:52.564075000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508478772.564075000",
+ "frame.time_delta": "2.198143000",
+ "frame.time_delta_displayed": "900.006185000",
+ "frame.time_relative": "21060.158871000",
+ "frame.number": "20790",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000cae0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000eddc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43240",
+ "udp.dstport": "53",
+ "udp.port": "43240",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b018",
+ "udp.checksum.status": "2",
+ "udp.stream": "258"
+ },
+ "dns": {
+ "dns.response_in": "20791",
+ "dns.id": "0x000004b7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:52:52.600980000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508478772.600980000",
+ "frame.time_delta": "0.036905000",
+ "frame.time_delta_displayed": "0.036905000",
+ "frame.time_relative": "21060.195776000",
+ "frame.number": "20791",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00009731",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002005",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43240",
+ "udp.port": "53",
+ "udp.port": "43240",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "258"
+ },
+ "dns": {
+ "dns.response_to": "20790",
+ "dns.time": "0.036905000",
+ "dns.id": "0x000004b7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "118",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14217",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3106",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5817",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6320",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2505",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5412",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7161",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2967",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.69"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1020",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.204"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:07:52.606357000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508479672.606357000",
+ "frame.time_delta": "1.385883000",
+ "frame.time_delta_displayed": "900.005377000",
+ "frame.time_relative": "21960.201153000",
+ "frame.number": "21562",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00004d98",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006b25",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53213",
+ "udp.dstport": "53",
+ "udp.port": "53213",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00008922",
+ "udp.checksum.status": "2",
+ "udp.stream": "264"
+ },
+ "dns": {
+ "dns.response_in": "21563",
+ "dns.id": "0x000004b8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:07:52.617193000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508479672.617193000",
+ "frame.time_delta": "0.010836000",
+ "frame.time_delta_displayed": "0.010836000",
+ "frame.time_relative": "21960.211989000",
+ "frame.number": "21563",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000db65",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000dba2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53213",
+ "udp.port": "53",
+ "udp.port": "53213",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "264"
+ },
+ "dns": {
+ "dns.response_to": "21562",
+ "dns.time": "0.010836000",
+ "dns.id": "0x000004b8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "118",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13317",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2206",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4917",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5420",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1605",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4512",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6261",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2067",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.69"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "120",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.204"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5890",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:22:52.625699000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508480572.625699000",
+ "frame.time_delta": "4.403118000",
+ "frame.time_delta_displayed": "900.008506000",
+ "frame.time_relative": "22860.220495000",
+ "frame.number": "22346",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00005937",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005f86",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33001",
+ "udp.dstport": "53",
+ "udp.port": "33001",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d815",
+ "udp.checksum.status": "2",
+ "udp.stream": "268"
+ },
+ "dns": {
+ "dns.response_in": "22347",
+ "dns.id": "0x000004b9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:22:52.650694000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508480572.650694000",
+ "frame.time_delta": "0.024995000",
+ "frame.time_delta_displayed": "0.024995000",
+ "frame.time_relative": "22860.245490000",
+ "frame.number": "22347",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000d12d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e5da",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33001",
+ "udp.port": "53",
+ "udp.port": "33001",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "268"
+ },
+ "dns": {
+ "dns.response_to": "22346",
+ "dns.time": "0.024995000",
+ "dns.id": "0x000004b9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14058",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3601",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "139",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2915",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2980",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1387",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7943",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3523",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5628",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2078",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.664730000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.664730000",
+ "frame.time_delta": "2.566341000",
+ "frame.time_delta_displayed": "630.014036000",
+ "frame.time_relative": "23490.259526000",
+ "frame.number": "22859",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d2e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b8c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58340",
+ "udp.dstport": "53",
+ "udp.port": "58340",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000dc9e",
+ "udp.checksum.status": "2",
+ "udp.stream": "271"
+ },
+ "dns": {
+ "dns.response_in": "22860",
+ "dns.id": "0x000004ba",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.666597000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.666597000",
+ "frame.time_delta": "0.001867000",
+ "frame.time_delta_displayed": "0.001867000",
+ "frame.time_relative": "23490.261393000",
+ "frame.number": "22860",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00008ce9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002b97",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58340",
+ "udp.port": "53",
+ "udp.port": "58340",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "271"
+ },
+ "dns": {
+ "dns.response_to": "22859",
+ "dns.time": "0.001867000",
+ "dns.id": "0x000004ba",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.667494000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.667494000",
+ "frame.time_delta": "0.000897000",
+ "frame.time_delta_displayed": "0.000897000",
+ "frame.time_relative": "23490.262290000",
+ "frame.number": "22861",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d2f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b8b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "52564",
+ "udp.dstport": "53",
+ "udp.port": "52564",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000e2e",
+ "udp.checksum.status": "2",
+ "udp.stream": "272"
+ },
+ "dns": {
+ "dns.response_in": "22862",
+ "dns.id": "0x000004bb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.669032000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.669032000",
+ "frame.time_delta": "0.001538000",
+ "frame.time_delta_displayed": "0.001538000",
+ "frame.time_relative": "23490.263828000",
+ "frame.number": "22862",
+ "frame.len": "269",
+ "frame.cap_len": "269",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "255",
+ "ip.id": "0x00008cea",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002b12",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "52564",
+ "udp.port": "53",
+ "udp.port": "52564",
+ "udp.length": "235",
+ "udp.checksum": "0x000082ee",
+ "udp.checksum.status": "2",
+ "udp.stream": "272"
+ },
+ "dns": {
+ "dns.response_to": "22861",
+ "dns.time": "0.001538000",
+ "dns.id": "0x000004bb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "5",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "688",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "688",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "688",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "153574",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "153574",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171829",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "43551",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "43551",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.087037000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.087037000",
+ "frame.time_delta": "0.001271000",
+ "frame.time_delta_displayed": "0.418005000",
+ "frame.time_relative": "23490.681833000",
+ "frame.number": "22878",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d4c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b6e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37188",
+ "udp.dstport": "53",
+ "udp.port": "37188",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002f3d",
+ "udp.checksum.status": "2",
+ "udp.stream": "273"
+ },
+ "dns": {
+ "dns.response_in": "22879",
+ "dns.id": "0x000004bc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.087591000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.087591000",
+ "frame.time_delta": "0.000554000",
+ "frame.time_delta_displayed": "0.000554000",
+ "frame.time_relative": "23490.682387000",
+ "frame.number": "22879",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00008d00",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002bba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37188",
+ "udp.port": "53",
+ "udp.port": "37188",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "273"
+ },
+ "dns": {
+ "dns.response_to": "22878",
+ "dns.time": "0.000554000",
+ "dns.id": "0x000004bc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.088490000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.088490000",
+ "frame.time_delta": "0.000899000",
+ "frame.time_delta_displayed": "0.000899000",
+ "frame.time_relative": "23490.683286000",
+ "frame.number": "22880",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d4d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b6d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57857",
+ "udp.dstport": "53",
+ "udp.port": "57857",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f97e",
+ "udp.checksum.status": "2",
+ "udp.stream": "274"
+ },
+ "dns": {
+ "dns.response_in": "22881",
+ "dns.id": "0x000004bd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.089060000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.089060000",
+ "frame.time_delta": "0.000570000",
+ "frame.time_delta_displayed": "0.000570000",
+ "frame.time_relative": "23490.683856000",
+ "frame.number": "22881",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00008d01",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002ba9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57857",
+ "udp.port": "53",
+ "udp.port": "57857",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "274"
+ },
+ "dns": {
+ "dns.response_to": "22880",
+ "dns.time": "0.000570000",
+ "dns.id": "0x000004bd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:37:52.675652000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481472.675652000",
+ "frame.time_delta": "1.044735000",
+ "frame.time_delta_displayed": "269.586592000",
+ "frame.time_relative": "23760.270448000",
+ "frame.number": "23158",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00009f5f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000195e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "41570",
+ "udp.dstport": "53",
+ "udp.port": "41570",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b697",
+ "udp.checksum.status": "2",
+ "udp.stream": "280"
+ },
+ "dns": {
+ "dns.response_in": "23159",
+ "dns.id": "0x000004be",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:37:52.686467000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481472.686467000",
+ "frame.time_delta": "0.010815000",
+ "frame.time_delta_displayed": "0.010815000",
+ "frame.time_relative": "23760.281263000",
+ "frame.number": "23159",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000db55",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000dbb2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "41570",
+ "udp.port": "53",
+ "udp.port": "41570",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "280"
+ },
+ "dns": {
+ "dns.response_to": "23158",
+ "dns.time": "0.010815000",
+ "dns.id": "0x000004be",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13158",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2701",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7242",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2015",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2080",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "487",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7043",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2623",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4728",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1178",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:52:52.690665000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508482372.690665000",
+ "frame.time_delta": "0.322371000",
+ "frame.time_delta_displayed": "900.004198000",
+ "frame.time_relative": "24660.285461000",
+ "frame.number": "23918",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00009671",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000224c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "42853",
+ "udp.dstport": "53",
+ "udp.port": "42853",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b193",
+ "udp.checksum.status": "2",
+ "udp.stream": "284"
+ },
+ "dns": {
+ "dns.response_in": "23919",
+ "dns.id": "0x000004bf",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:52:52.711241000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508482372.711241000",
+ "frame.time_delta": "0.020576000",
+ "frame.time_delta_displayed": "0.020576000",
+ "frame.time_relative": "24660.306037000",
+ "frame.number": "23919",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00001d6b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "42853",
+ "udp.port": "53",
+ "udp.port": "42853",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "284"
+ },
+ "dns": {
+ "dns.response_to": "23918",
+ "dns.time": "0.020576000",
+ "dns.id": "0x000004bf",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "10617",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3509",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2217",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2720",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2912",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1812",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3561",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3369",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3423",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.246"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3190",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:07:52.715432000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483272.715432000",
+ "frame.time_delta": "0.798629000",
+ "frame.time_delta_displayed": "900.004191000",
+ "frame.time_relative": "25560.310228000",
+ "frame.number": "24682",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000a08f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000182e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53913",
+ "udp.dstport": "53",
+ "udp.port": "53913",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000865e",
+ "udp.checksum.status": "2",
+ "udp.stream": "288"
+ },
+ "dns": {
+ "dns.response_in": "24683",
+ "dns.id": "0x000004c0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:07:52.722880000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483272.722880000",
+ "frame.time_delta": "0.007448000",
+ "frame.time_delta_displayed": "0.007448000",
+ "frame.time_relative": "25560.317676000",
+ "frame.number": "24683",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x000067fe",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f38",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53913",
+ "udp.port": "53",
+ "udp.port": "53913",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "288"
+ },
+ "dns": {
+ "dns.response_to": "24682",
+ "dns.time": "0.007448000",
+ "dns.id": "0x000004c0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "11358",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "901",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5442",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "215",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "280",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4688",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5243",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "823",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2928",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:12:04.696340000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483524.696340000",
+ "frame.time_delta": "0.145443000",
+ "frame.time_delta_displayed": "251.973460000",
+ "frame.time_relative": "25812.291136000",
+ "frame.number": "24953",
+ "frame.len": "83",
+ "frame.cap_len": "83",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "69",
+ "ip.id": "0x0000a209",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000016ad",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49770",
+ "udp.dstport": "53",
+ "udp.port": "49770",
+ "udp.port": "53",
+ "udp.length": "49",
+ "udp.checksum": "0x0000cac1",
+ "udp.checksum.status": "2",
+ "udp.stream": "293"
+ },
+ "dns": {
+ "dns.response_in": "24954",
+ "dns.id": "0x00000043",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:12:04.767719000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483524.767719000",
+ "frame.time_delta": "0.071379000",
+ "frame.time_delta_displayed": "0.071379000",
+ "frame.time_relative": "25812.362515000",
+ "frame.number": "24954",
+ "frame.len": "297",
+ "frame.cap_len": "297",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "283",
+ "ip.id": "0x00008814",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002fcc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49770",
+ "udp.port": "53",
+ "udp.port": "49770",
+ "udp.length": "263",
+ "udp.checksum": "0x0000830a",
+ "udp.checksum.status": "2",
+ "udp.stream": "293"
+ },
+ "dns": {
+ "dns.response_to": "24953",
+ "dns.time": "0.071379000",
+ "dns.id": "0x00000043",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
+ "dns.resp.name": "diagnostics.meethue.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "4",
+ "dns.a": "130.211.67.12"
+ }
+ },
+ "Authoritative nameservers": {
+ "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1704",
+ "dns.resp.len": "18",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1704",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1704",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "131086",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "155804",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "155804",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "134705",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127278",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127278",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:22:52.727669000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484172.727669000",
+ "frame.time_delta": "3.871548000",
+ "frame.time_delta_displayed": "647.959950000",
+ "frame.time_relative": "26460.322465000",
+ "frame.number": "25506",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000042c9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000075f4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55301",
+ "udp.dstport": "53",
+ "udp.port": "55301",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000080f1",
+ "udp.checksum.status": "2",
+ "udp.stream": "295"
+ },
+ "dns": {
+ "dns.response_in": "25507",
+ "dns.id": "0x000004c1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:22:52.765073000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484172.765073000",
+ "frame.time_delta": "0.037404000",
+ "frame.time_delta_displayed": "0.037404000",
+ "frame.time_relative": "26460.359869000",
+ "frame.number": "25507",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000318",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b3f0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55301",
+ "udp.port": "53",
+ "udp.port": "55301",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "295"
+ },
+ "dns": {
+ "dns.response_to": "25506",
+ "dns.time": "0.037404000",
+ "dns.id": "0x000004c1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8817",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1709",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "417",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "920",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1112",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1761",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1569",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1623",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.246"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1390",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.301033000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.301033000",
+ "frame.time_delta": "0.159453000",
+ "frame.time_delta_displayed": "630.535960000",
+ "frame.time_relative": "27090.895829000",
+ "frame.number": "26095",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aa78",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e42",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60609",
+ "udp.dstport": "53",
+ "udp.port": "60609",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000d3b9",
+ "udp.checksum.status": "2",
+ "udp.stream": "299"
+ },
+ "dns": {
+ "dns.response_in": "26096",
+ "dns.id": "0x000004c2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.303089000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.303089000",
+ "frame.time_delta": "0.002056000",
+ "frame.time_delta_displayed": "0.002056000",
+ "frame.time_relative": "27090.897885000",
+ "frame.number": "26096",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000a9d2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000eae",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60609",
+ "udp.port": "53",
+ "udp.port": "60609",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "299"
+ },
+ "dns": {
+ "dns.response_to": "26095",
+ "dns.time": "0.002056000",
+ "dns.id": "0x000004c2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.303940000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.303940000",
+ "frame.time_delta": "0.000851000",
+ "frame.time_delta_displayed": "0.000851000",
+ "frame.time_relative": "27090.898736000",
+ "frame.number": "26097",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aa79",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e41",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45112",
+ "udp.dstport": "53",
+ "udp.port": "45112",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002b42",
+ "udp.checksum.status": "2",
+ "udp.stream": "300"
+ },
+ "dns": {
+ "dns.response_in": "26098",
+ "dns.id": "0x000004c3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.305709000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.305709000",
+ "frame.time_delta": "0.001769000",
+ "frame.time_delta_displayed": "0.001769000",
+ "frame.time_relative": "27090.900505000",
+ "frame.number": "26098",
+ "frame.len": "269",
+ "frame.cap_len": "269",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "255",
+ "ip.id": "0x0000a9d3",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e29",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45112",
+ "udp.port": "53",
+ "udp.port": "45112",
+ "udp.length": "235",
+ "udp.checksum": "0x000082ee",
+ "udp.checksum.status": "2",
+ "udp.stream": "300"
+ },
+ "dns": {
+ "dns.response_to": "26097",
+ "dns.time": "0.001769000",
+ "dns.id": "0x000004c3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "5",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "149973",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "149973",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "168228",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "39950",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "39950",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.726935000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.726935000",
+ "frame.time_delta": "0.001538000",
+ "frame.time_delta_displayed": "0.421226000",
+ "frame.time_relative": "27091.321731000",
+ "frame.number": "26114",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aaa1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e19",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47836",
+ "udp.dstport": "53",
+ "udp.port": "47836",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000059d",
+ "udp.checksum.status": "2",
+ "udp.stream": "301"
+ },
+ "dns": {
+ "dns.response_in": "26115",
+ "dns.id": "0x000004c4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.727513000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.727513000",
+ "frame.time_delta": "0.000578000",
+ "frame.time_delta_displayed": "0.000578000",
+ "frame.time_relative": "27091.322309000",
+ "frame.number": "26115",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000a9f1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000ec9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47836",
+ "udp.port": "53",
+ "udp.port": "47836",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "301"
+ },
+ "dns": {
+ "dns.response_to": "26114",
+ "dns.time": "0.000578000",
+ "dns.id": "0x000004c4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.728355000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.728355000",
+ "frame.time_delta": "0.000842000",
+ "frame.time_delta_displayed": "0.000842000",
+ "frame.time_relative": "27091.323151000",
+ "frame.number": "26116",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aaa2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e18",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59436",
+ "udp.dstport": "53",
+ "udp.port": "59436",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f34b",
+ "udp.checksum.status": "2",
+ "udp.stream": "302"
+ },
+ "dns": {
+ "dns.response_in": "26117",
+ "dns.id": "0x000004c5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.728777000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.728777000",
+ "frame.time_delta": "0.000422000",
+ "frame.time_delta_displayed": "0.000422000",
+ "frame.time_relative": "27091.323573000",
+ "frame.number": "26117",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000a9f2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000eb8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59436",
+ "udp.port": "53",
+ "udp.port": "59436",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "302"
+ },
+ "dns": {
+ "dns.response_to": "26116",
+ "dns.time": "0.000422000",
+ "dns.id": "0x000004c5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:37:52.772955000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485072.772955000",
+ "frame.time_delta": "1.222355000",
+ "frame.time_delta_displayed": "269.044178000",
+ "frame.time_relative": "27360.367751000",
+ "frame.number": "26369",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ce92",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea2a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45574",
+ "udp.dstport": "53",
+ "udp.port": "45574",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a6eb",
+ "udp.checksum.status": "2",
+ "udp.stream": "304"
+ },
+ "dns": {
+ "dns.response_in": "26370",
+ "dns.id": "0x000004c6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:37:52.788820000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485072.788820000",
+ "frame.time_delta": "0.015865000",
+ "frame.time_delta_displayed": "0.015865000",
+ "frame.time_relative": "27360.383616000",
+ "frame.number": "26370",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000cb7f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000eb88",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45574",
+ "udp.port": "53",
+ "udp.port": "45574",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "304"
+ },
+ "dns": {
+ "dns.response_to": "26369",
+ "dns.time": "0.015865000",
+ "dns.id": "0x000004c6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "9558",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3102",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3642",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6416",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2481",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.176"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2888",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3443",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3024",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1128",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4574",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:52:52.797929000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485972.797929000",
+ "frame.time_delta": "1.729711000",
+ "frame.time_delta_displayed": "900.009109000",
+ "frame.time_relative": "28260.392725000",
+ "frame.number": "27288",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000fdad",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bb0f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57726",
+ "udp.dstport": "53",
+ "udp.port": "57726",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007772",
+ "udp.checksum.status": "2",
+ "udp.stream": "311"
+ },
+ "dns": {
+ "dns.response_in": "27289",
+ "dns.id": "0x000004c7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:52:52.808637000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485972.808637000",
+ "frame.time_delta": "0.010708000",
+ "frame.time_delta_displayed": "0.010708000",
+ "frame.time_relative": "28260.403433000",
+ "frame.number": "27289",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000efa6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c761",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57726",
+ "udp.port": "53",
+ "udp.port": "57726",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "311"
+ },
+ "dns": {
+ "dns.response_to": "27288",
+ "dns.time": "0.010708000",
+ "dns.id": "0x000004c7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8658",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2202",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2742",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5516",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1581",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.176"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1988",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2543",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2124",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "228",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3674",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:07:52.814329000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508486872.814329000",
+ "frame.time_delta": "5.472047000",
+ "frame.time_delta_displayed": "900.005692000",
+ "frame.time_relative": "29160.409125000",
+ "frame.number": "28061",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000614d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005770",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "39493",
+ "udp.dstport": "53",
+ "udp.port": "39493",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000beaa",
+ "udp.checksum.status": "2",
+ "udp.stream": "315"
+ },
+ "dns": {
+ "dns.response_in": "28062",
+ "dns.id": "0x000004c8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:07:52.835978000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508486872.835978000",
+ "frame.time_delta": "0.021649000",
+ "frame.time_delta_displayed": "0.021649000",
+ "frame.time_relative": "29160.430774000",
+ "frame.number": "28062",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000e9b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a86d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "39493",
+ "udp.port": "53",
+ "udp.port": "39493",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "315"
+ },
+ "dns": {
+ "dns.response_to": "28061",
+ "dns.time": "0.021649000",
+ "dns.id": "0x000004c8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6117",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3011",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5718",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6226",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.207": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2421",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.207"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3318",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7067",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2874",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4925",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4702",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:22:52.843589000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508487772.843589000",
+ "frame.time_delta": "0.601966000",
+ "frame.time_delta_displayed": "900.007611000",
+ "frame.time_relative": "30060.438385000",
+ "frame.number": "28868",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00008683",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000323a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60232",
+ "udp.dstport": "53",
+ "udp.port": "60232",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00006da6",
+ "udp.checksum.status": "2",
+ "udp.stream": "322"
+ },
+ "dns": {
+ "dns.response_in": "28869",
+ "dns.id": "0x000004c9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:22:52.850618000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508487772.850618000",
+ "frame.time_delta": "0.007029000",
+ "frame.time_delta_displayed": "0.007029000",
+ "frame.time_relative": "30060.445414000",
+ "frame.number": "28869",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x000032d6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008460",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60232",
+ "udp.port": "53",
+ "udp.port": "60232",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "322"
+ },
+ "dns": {
+ "dns.response_to": "28868",
+ "dns.time": "0.007029000",
+ "dns.id": "0x000004c9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6858",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "402",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "942",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3716",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3782",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "188",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "743",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "324",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4429",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.755985000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.755985000",
+ "frame.time_delta": "1.940613000",
+ "frame.time_delta_displayed": "628.905367000",
+ "frame.time_relative": "30689.350781000",
+ "frame.number": "29396",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009aad",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001e0d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43519",
+ "udp.dstport": "53",
+ "udp.port": "43519",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001674",
+ "udp.checksum.status": "2",
+ "udp.stream": "327"
+ },
+ "dns": {
+ "dns.response_in": "29397",
+ "dns.id": "0x000004ca",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.757930000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.757930000",
+ "frame.time_delta": "0.001945000",
+ "frame.time_delta_displayed": "0.001945000",
+ "frame.time_relative": "30689.352726000",
+ "frame.number": "29397",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000a15f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001721",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43519",
+ "udp.port": "53",
+ "udp.port": "43519",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "327"
+ },
+ "dns": {
+ "dns.response_to": "29396",
+ "dns.time": "0.001945000",
+ "dns.id": "0x000004ca",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3221",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.758751000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.758751000",
+ "frame.time_delta": "0.000821000",
+ "frame.time_delta_displayed": "0.000821000",
+ "frame.time_relative": "30689.353547000",
+ "frame.number": "29398",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009aae",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001e0c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34772",
+ "udp.dstport": "53",
+ "udp.port": "34772",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000539e",
+ "udp.checksum.status": "2",
+ "udp.stream": "328"
+ },
+ "dns": {
+ "dns.response_in": "29399",
+ "dns.id": "0x000004cb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.760366000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.760366000",
+ "frame.time_delta": "0.001615000",
+ "frame.time_delta_displayed": "0.001615000",
+ "frame.time_relative": "30689.355162000",
+ "frame.number": "29399",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x0000a160",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000168c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34772",
+ "udp.port": "53",
+ "udp.port": "34772",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "328"
+ },
+ "dns": {
+ "dns.response_to": "29398",
+ "dns.time": "0.001615000",
+ "dns.id": "0x000004cb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3221",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1322",
+ "dns.resp.len": "10",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1322",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1322",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "442",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "146375",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "146375",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "164630",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "36352",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "36352",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.179535000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.179535000",
+ "frame.time_delta": "0.001270000",
+ "frame.time_delta_displayed": "0.419169000",
+ "frame.time_relative": "30689.774331000",
+ "frame.number": "29415",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009ac2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001df8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "32927",
+ "udp.dstport": "53",
+ "udp.port": "32927",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003fd2",
+ "udp.checksum.status": "2",
+ "udp.stream": "329"
+ },
+ "dns": {
+ "dns.response_in": "29416",
+ "dns.id": "0x000004cc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.180074000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.180074000",
+ "frame.time_delta": "0.000539000",
+ "frame.time_delta_displayed": "0.000539000",
+ "frame.time_relative": "30689.774870000",
+ "frame.number": "29416",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000a17c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000173e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "32927",
+ "udp.port": "53",
+ "udp.port": "32927",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "329"
+ },
+ "dns": {
+ "dns.response_to": "29415",
+ "dns.time": "0.000539000",
+ "dns.id": "0x000004cc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.181272000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.181272000",
+ "frame.time_delta": "0.001198000",
+ "frame.time_delta_displayed": "0.001198000",
+ "frame.time_relative": "30689.776068000",
+ "frame.number": "29417",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009ac3",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001df7",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "50502",
+ "udp.dstport": "53",
+ "udp.port": "50502",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000162a",
+ "udp.checksum.status": "2",
+ "udp.stream": "330"
+ },
+ "dns": {
+ "dns.response_in": "29418",
+ "dns.id": "0x000004cd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.181706000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.181706000",
+ "frame.time_delta": "0.000434000",
+ "frame.time_delta_displayed": "0.000434000",
+ "frame.time_relative": "30689.776502000",
+ "frame.number": "29418",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000a17d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000172d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "50502",
+ "udp.port": "53",
+ "udp.port": "50502",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "330"
+ },
+ "dns": {
+ "dns.response_to": "29417",
+ "dns.time": "0.000434000",
+ "dns.id": "0x000004cd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:37:52.855829000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488672.855829000",
+ "frame.time_delta": "3.621068000",
+ "frame.time_delta_displayed": "270.674123000",
+ "frame.time_relative": "30960.450625000",
+ "frame.number": "29698",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000af13",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000009aa",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51191",
+ "udp.dstport": "53",
+ "udp.port": "51191",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000090f2",
+ "udp.checksum.status": "2",
+ "udp.stream": "331"
+ },
+ "dns": {
+ "dns.response_in": "29699",
+ "dns.id": "0x000004ce",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:37:52.862182000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488672.862182000",
+ "frame.time_delta": "0.006353000",
+ "frame.time_delta_displayed": "0.006353000",
+ "frame.time_relative": "30960.456978000",
+ "frame.number": "29699",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ff8b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b77c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51191",
+ "udp.port": "53",
+ "udp.port": "51191",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "331"
+ },
+ "dns": {
+ "dns.response_to": "29698",
+ "dns.time": "0.006353000",
+ "dns.id": "0x000004ce",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5958",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3503",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "42",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2816",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2882",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5291",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7844",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3426",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3529",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:52:52.869701000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508489572.869701000",
+ "frame.time_delta": "1.064777000",
+ "frame.time_delta_displayed": "900.007519000",
+ "frame.time_relative": "31860.464497000",
+ "frame.number": "30491",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c558",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f364",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43504",
+ "udp.dstport": "53",
+ "udp.port": "43504",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000aef8",
+ "udp.checksum.status": "2",
+ "udp.stream": "337"
+ },
+ "dns": {
+ "dns.response_in": "30492",
+ "dns.id": "0x000004cf",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:52:52.875803000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508489572.875803000",
+ "frame.time_delta": "0.006102000",
+ "frame.time_delta_displayed": "0.006102000",
+ "frame.time_relative": "31860.470599000",
+ "frame.number": "30492",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004e2b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000068dd",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43504",
+ "udp.port": "53",
+ "udp.port": "43504",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "337"
+ },
+ "dns": {
+ "dns.response_to": "30491",
+ "dns.time": "0.006102000",
+ "dns.id": "0x000004cf",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5058",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2603",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7144",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1916",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1982",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4391",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6944",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2526",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2629",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "74",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:07:52.881831000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508490472.881831000",
+ "frame.time_delta": "1.602333000",
+ "frame.time_delta_displayed": "900.006028000",
+ "frame.time_relative": "32760.476627000",
+ "frame.number": "31269",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ce88",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea34",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "38554",
+ "udp.dstport": "53",
+ "udp.port": "38554",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c24d",
+ "udp.checksum.status": "2",
+ "udp.stream": "343"
+ },
+ "dns": {
+ "dns.response_in": "31270",
+ "dns.id": "0x000004d0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:07:52.891762000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508490472.891762000",
+ "frame.time_delta": "0.009931000",
+ "frame.time_delta_displayed": "0.009931000",
+ "frame.time_relative": "32760.486558000",
+ "frame.number": "31270",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000e5c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a8ac",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "38554",
+ "udp.port": "53",
+ "udp.port": "38554",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "343"
+ },
+ "dns": {
+ "dns.response_to": "31269",
+ "dns.time": "0.009931000",
+ "dns.id": "0x000004d0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4158",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1703",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6244",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1016",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1082",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3491",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6044",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1626",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1729",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5177",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:22:52.901114000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508491372.901114000",
+ "frame.time_delta": "1.849865000",
+ "frame.time_delta_displayed": "900.009352000",
+ "frame.time_relative": "33660.495910000",
+ "frame.number": "32056",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00004594",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007329",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33202",
+ "udp.dstport": "53",
+ "udp.port": "33202",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d734",
+ "udp.checksum.status": "2",
+ "udp.stream": "348"
+ },
+ "dns": {
+ "dns.response_in": "32057",
+ "dns.id": "0x000004d1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:22:52.972380000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508491372.972380000",
+ "frame.time_delta": "0.071266000",
+ "frame.time_delta_displayed": "0.071266000",
+ "frame.time_relative": "33660.567176000",
+ "frame.number": "32057",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00002997",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d71",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33202",
+ "udp.port": "53",
+ "udp.port": "33202",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "348"
+ },
+ "dns": {
+ "dns.response_to": "32056",
+ "dns.time": "0.071266000",
+ "dns.id": "0x000004d1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "120",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1617",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2514",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1218",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1726",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1922",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.151": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4820",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.151"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2567",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.151": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2380",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.151"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "425",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "202",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.349285000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.349285000",
+ "frame.time_delta": "0.837648000",
+ "frame.time_delta_displayed": "629.376905000",
+ "frame.time_relative": "34289.944081000",
+ "frame.number": "32626",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f99e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf1b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "52881",
+ "udp.dstport": "53",
+ "udp.port": "52881",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f1d9",
+ "udp.checksum.status": "2",
+ "udp.stream": "352"
+ },
+ "dns": {
+ "dns.response_in": "32627",
+ "dns.id": "0x000004d2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.351230000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.351230000",
+ "frame.time_delta": "0.001945000",
+ "frame.time_delta_displayed": "0.001945000",
+ "frame.time_relative": "34289.946026000",
+ "frame.number": "32627",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000ba2d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe52",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "52881",
+ "udp.port": "53",
+ "udp.port": "52881",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "352"
+ },
+ "dns": {
+ "dns.response_to": "32626",
+ "dns.time": "0.001945000",
+ "dns.id": "0x000004d2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.352051000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.352051000",
+ "frame.time_delta": "0.000821000",
+ "frame.time_delta_displayed": "0.000821000",
+ "frame.time_relative": "34289.946847000",
+ "frame.number": "32628",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f99f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf1a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43337",
+ "udp.dstport": "53",
+ "udp.port": "43337",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003221",
+ "udp.checksum.status": "2",
+ "udp.stream": "353"
+ },
+ "dns": {
+ "dns.response_in": "32629",
+ "dns.id": "0x000004d3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.392543000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.392543000",
+ "frame.time_delta": "0.040492000",
+ "frame.time_delta_displayed": "0.040492000",
+ "frame.time_relative": "34289.987339000",
+ "frame.number": "32629",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x0000ba30",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fdbb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43337",
+ "udp.port": "53",
+ "udp.port": "43337",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "353"
+ },
+ "dns": {
+ "dns.response_to": "32628",
+ "dns.time": "0.040492000",
+ "dns.id": "0x000004d3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1411",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1411",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1411",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171851",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142774",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142774",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "161029",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "32751",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "32751",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.810223000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.810223000",
+ "frame.time_delta": "0.001028000",
+ "frame.time_delta_displayed": "0.417680000",
+ "frame.time_relative": "34290.405019000",
+ "frame.number": "32645",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f9af",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf0a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54367",
+ "udp.dstport": "53",
+ "udp.port": "54367",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ec09",
+ "udp.checksum.status": "2",
+ "udp.stream": "354"
+ },
+ "dns": {
+ "dns.response_in": "32646",
+ "dns.id": "0x000004d4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.810817000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.810817000",
+ "frame.time_delta": "0.000594000",
+ "frame.time_delta_displayed": "0.000594000",
+ "frame.time_relative": "34290.405613000",
+ "frame.number": "32646",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000ba35",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe84",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54367",
+ "udp.port": "53",
+ "udp.port": "54367",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "354"
+ },
+ "dns": {
+ "dns.response_to": "32645",
+ "dns.time": "0.000594000",
+ "dns.id": "0x000004d4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.811626000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.811626000",
+ "frame.time_delta": "0.000809000",
+ "frame.time_delta_displayed": "0.000809000",
+ "frame.time_relative": "34290.406422000",
+ "frame.number": "32647",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f9b0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf09",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "39432",
+ "udp.dstport": "53",
+ "udp.port": "39432",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00004160",
+ "udp.checksum.status": "2",
+ "udp.stream": "355"
+ },
+ "dns": {
+ "dns.response_in": "32648",
+ "dns.id": "0x000004d5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.812191000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.812191000",
+ "frame.time_delta": "0.000565000",
+ "frame.time_delta_displayed": "0.000565000",
+ "frame.time_relative": "34290.406987000",
+ "frame.number": "32648",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000ba36",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe73",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "39432",
+ "udp.port": "53",
+ "udp.port": "39432",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "355"
+ },
+ "dns": {
+ "dns.response_to": "32647",
+ "dns.time": "0.000565000",
+ "dns.id": "0x000004d5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:37:53.011030000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492273.011030000",
+ "frame.time_delta": "0.622307000",
+ "frame.time_delta_displayed": "270.198839000",
+ "frame.time_relative": "34560.605826000",
+ "frame.number": "32884",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000400c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000078b1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44772",
+ "udp.dstport": "53",
+ "udp.port": "44772",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a9fd",
+ "udp.checksum.status": "2",
+ "udp.stream": "356"
+ },
+ "dns": {
+ "dns.response_in": "32885",
+ "dns.id": "0x000004d6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:37:53.016866000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492273.016866000",
+ "frame.time_delta": "0.005836000",
+ "frame.time_delta_displayed": "0.005836000",
+ "frame.time_relative": "34560.611662000",
+ "frame.number": "32885",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000c41b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f2ec",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44772",
+ "udp.port": "53",
+ "udp.port": "44772",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "356"
+ },
+ "dns": {
+ "dns.response_to": "32884",
+ "dns.time": "0.005836000",
+ "dns.id": "0x000004d6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2357",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3904",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4443",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7217",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3284",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1690",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4243",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3827",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5929",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3376",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:52:53.027071000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508493173.027071000",
+ "frame.time_delta": "3.719993000",
+ "frame.time_delta_displayed": "900.010205000",
+ "frame.time_relative": "35460.621867000",
+ "frame.number": "33758",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000044d0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000073ed",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54661",
+ "udp.dstport": "53",
+ "udp.port": "54661",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000835b",
+ "udp.checksum.status": "2",
+ "udp.stream": "360"
+ },
+ "dns": {
+ "dns.response_in": "33759",
+ "dns.id": "0x000004d7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:52:53.101742000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508493173.101742000",
+ "frame.time_delta": "0.074671000",
+ "frame.time_delta_displayed": "0.074671000",
+ "frame.time_relative": "35460.696538000",
+ "frame.number": "33759",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f93b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bdcc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54661",
+ "udp.port": "53",
+ "udp.port": "54661",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "360"
+ },
+ "dns": {
+ "dns.response_to": "33758",
+ "dns.time": "0.074671000",
+ "dns.id": "0x000004d7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1457",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3004",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3543",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6317",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2384",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3343",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2927",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5029",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2476",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:07:53.107570000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494073.107570000",
+ "frame.time_delta": "7.786097000",
+ "frame.time_delta_displayed": "900.005828000",
+ "frame.time_relative": "36360.702366000",
+ "frame.number": "34517",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000f210",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c6ac",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49914",
+ "udp.dstport": "53",
+ "udp.port": "49914",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000095e5",
+ "udp.checksum.status": "2",
+ "udp.stream": "368"
+ },
+ "dns": {
+ "dns.response_in": "34518",
+ "dns.id": "0x000004d8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:07:53.114086000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494073.114086000",
+ "frame.time_delta": "0.006516000",
+ "frame.time_delta_displayed": "0.006516000",
+ "frame.time_relative": "36360.708882000",
+ "frame.number": "34518",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000cccb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea3c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49914",
+ "udp.port": "53",
+ "udp.port": "49914",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "368"
+ },
+ "dns": {
+ "dns.response_to": "34517",
+ "dns.time": "0.006516000",
+ "dns.id": "0x000004d8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "557",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2104",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2643",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5417",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1484",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5891",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2443",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2027",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4129",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1576",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:22:53.123990000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494973.123990000",
+ "frame.time_delta": "1.660357000",
+ "frame.time_delta_displayed": "900.009904000",
+ "frame.time_relative": "37260.718786000",
+ "frame.number": "35283",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000001f8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6c5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44922",
+ "udp.dstport": "53",
+ "udp.port": "44922",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a964",
+ "udp.checksum.status": "2",
+ "udp.stream": "372"
+ },
+ "dns": {
+ "dns.response_in": "35284",
+ "dns.id": "0x000004d9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:22:53.134103000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494973.134103000",
+ "frame.time_delta": "0.010113000",
+ "frame.time_delta_displayed": "0.010113000",
+ "frame.time_relative": "37260.728899000",
+ "frame.number": "35284",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000006d5",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b033",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44922",
+ "udp.port": "53",
+ "udp.port": "44922",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "372"
+ },
+ "dns": {
+ "dns.response_to": "35283",
+ "dns.time": "0.010113000",
+ "dns.id": "0x000004d9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21444",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1204",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1743",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4517",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "584",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4991",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1543",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1127",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3229",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "676",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.916241000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.916241000",
+ "frame.time_delta": "3.559096000",
+ "frame.time_delta_displayed": "629.782138000",
+ "frame.time_relative": "37890.511037000",
+ "frame.number": "35811",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007ba1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003d19",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49663",
+ "udp.dstport": "53",
+ "udp.port": "49663",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000fe63",
+ "udp.checksum.status": "2",
+ "udp.stream": "376"
+ },
+ "dns": {
+ "dns.response_in": "35812",
+ "dns.id": "0x000004da",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.918183000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.918183000",
+ "frame.time_delta": "0.001942000",
+ "frame.time_delta_displayed": "0.001942000",
+ "frame.time_relative": "37890.512979000",
+ "frame.number": "35812",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000d276",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e609",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49663",
+ "udp.port": "53",
+ "udp.port": "49663",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "376"
+ },
+ "dns": {
+ "dns.response_to": "35811",
+ "dns.time": "0.001942000",
+ "dns.id": "0x000004da",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.920557000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.920557000",
+ "frame.time_delta": "0.002374000",
+ "frame.time_delta_displayed": "0.002374000",
+ "frame.time_relative": "37890.515353000",
+ "frame.number": "35813",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007ba2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003d18",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33688",
+ "udp.dstport": "53",
+ "udp.port": "33688",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000057ca",
+ "udp.checksum.status": "2",
+ "udp.stream": "377"
+ },
+ "dns": {
+ "dns.response_in": "35814",
+ "dns.id": "0x000004db",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.922284000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.922284000",
+ "frame.time_delta": "0.001727000",
+ "frame.time_delta_displayed": "0.001727000",
+ "frame.time_relative": "37890.517080000",
+ "frame.number": "35814",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x0000d277",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e574",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33688",
+ "udp.port": "53",
+ "udp.port": "33688",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "377"
+ },
+ "dns": {
+ "dns.response_to": "35813",
+ "dns.time": "0.001727000",
+ "dns.id": "0x000004db",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2989",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119008",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143726",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143726",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122627",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115200",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115200",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.341511000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.341511000",
+ "frame.time_delta": "0.001324000",
+ "frame.time_delta_displayed": "0.419227000",
+ "frame.time_relative": "37890.936307000",
+ "frame.number": "35830",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007bba",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003d00",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36096",
+ "udp.dstport": "53",
+ "udp.port": "36096",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003361",
+ "udp.checksum.status": "2",
+ "udp.stream": "378"
+ },
+ "dns": {
+ "dns.response_in": "35831",
+ "dns.id": "0x000004dc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.341806000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.341806000",
+ "frame.time_delta": "0.000295000",
+ "frame.time_delta_displayed": "0.000295000",
+ "frame.time_relative": "37890.936602000",
+ "frame.number": "35831",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000d284",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e635",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36096",
+ "udp.port": "53",
+ "udp.port": "36096",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "378"
+ },
+ "dns": {
+ "dns.response_to": "35830",
+ "dns.time": "0.000295000",
+ "dns.id": "0x000004dc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.342577000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.342577000",
+ "frame.time_delta": "0.000771000",
+ "frame.time_delta_displayed": "0.000771000",
+ "frame.time_relative": "37890.937373000",
+ "frame.number": "35832",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007bbb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003cff",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49358",
+ "udp.dstport": "53",
+ "udp.port": "49358",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001a92",
+ "udp.checksum.status": "2",
+ "udp.stream": "379"
+ },
+ "dns": {
+ "dns.response_in": "35833",
+ "dns.id": "0x000004dd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.342908000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.342908000",
+ "frame.time_delta": "0.000331000",
+ "frame.time_delta_displayed": "0.000331000",
+ "frame.time_relative": "37890.937704000",
+ "frame.number": "35833",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000d285",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e624",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49358",
+ "udp.port": "53",
+ "udp.port": "49358",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "379"
+ },
+ "dns": {
+ "dns.response_to": "35832",
+ "dns.time": "0.000331000",
+ "dns.id": "0x000004dd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2988",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:37:53.142390000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495873.142390000",
+ "frame.time_delta": "3.770169000",
+ "frame.time_delta_displayed": "269.799482000",
+ "frame.time_relative": "38160.737186000",
+ "frame.number": "36053",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000d08e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e82e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36775",
+ "udp.dstport": "53",
+ "udp.port": "36775",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c932",
+ "udp.checksum.status": "2",
+ "udp.stream": "380"
+ },
+ "dns": {
+ "dns.response_in": "36054",
+ "dns.id": "0x000004de",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:37:53.148990000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495873.148990000",
+ "frame.time_delta": "0.006600000",
+ "frame.time_delta_displayed": "0.006600000",
+ "frame.time_relative": "38160.743786000",
+ "frame.number": "36054",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000fff7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b710",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36775",
+ "udp.port": "53",
+ "udp.port": "36775",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "380"
+ },
+ "dns": {
+ "dns.response_to": "36053",
+ "dns.time": "0.006600000",
+ "dns.id": "0x000004de",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20544",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "304",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "843",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3617",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3691",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4091",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "643",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "227",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2329",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5779",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:52:53.157944000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508496773.157944000",
+ "frame.time_delta": "0.549528000",
+ "frame.time_delta_displayed": "900.008954000",
+ "frame.time_relative": "39060.752740000",
+ "frame.number": "36810",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000fe35",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ba87",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58619",
+ "udp.dstport": "53",
+ "udp.port": "58619",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000073dd",
+ "udp.checksum.status": "2",
+ "udp.stream": "384"
+ },
+ "dns": {
+ "dns.response_in": "36811",
+ "dns.id": "0x000004df",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:52:53.164664000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508496773.164664000",
+ "frame.time_delta": "0.006720000",
+ "frame.time_delta_displayed": "0.006720000",
+ "frame.time_relative": "39060.759460000",
+ "frame.number": "36811",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004af7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006c11",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58619",
+ "udp.port": "53",
+ "udp.port": "58619",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "384"
+ },
+ "dns": {
+ "dns.response_to": "36810",
+ "dns.time": "0.006720000",
+ "dns.id": "0x000004df",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "19644",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3407",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7948",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2717",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2791",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3191",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7745",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.218"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3330",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1429",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4879",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:07:53.171491000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508497673.171491000",
+ "frame.time_delta": "3.380707000",
+ "frame.time_delta_displayed": "900.006827000",
+ "frame.time_relative": "39960.766287000",
+ "frame.number": "37558",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001426",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a497",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46109",
+ "udp.dstport": "53",
+ "udp.port": "46109",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a4ba",
+ "udp.checksum.status": "2",
+ "udp.stream": "388"
+ },
+ "dns": {
+ "dns.response_in": "37559",
+ "dns.id": "0x000004e0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:07:53.178025000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508497673.178025000",
+ "frame.time_delta": "0.006534000",
+ "frame.time_delta_displayed": "0.006534000",
+ "frame.time_relative": "39960.772821000",
+ "frame.number": "37559",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000d1c0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e547",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46109",
+ "udp.port": "53",
+ "udp.port": "46109",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "388"
+ },
+ "dns": {
+ "dns.response_to": "37558",
+ "dns.time": "0.006534000",
+ "dns.id": "0x000004e0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "121",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "16919",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "220",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2919",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3429",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3625",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4526",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4270",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 209.18.46.221": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "83",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.221"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5928",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:22:53.188284000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508498573.188284000",
+ "frame.time_delta": "2.605383000",
+ "frame.time_delta_displayed": "900.010259000",
+ "frame.time_relative": "40860.783080000",
+ "frame.number": "38342",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001f18",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000099a5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55484",
+ "udp.dstport": "53",
+ "udp.port": "55484",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000801a",
+ "udp.checksum.status": "2",
+ "udp.stream": "397"
+ },
+ "dns": {
+ "dns.response_in": "38343",
+ "dns.id": "0x000004e1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:22:53.198461000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508498573.198461000",
+ "frame.time_delta": "0.010177000",
+ "frame.time_delta_displayed": "0.010177000",
+ "frame.time_relative": "40860.793257000",
+ "frame.number": "38343",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000c8c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000aa7c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55484",
+ "udp.port": "53",
+ "udp.port": "55484",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "397"
+ },
+ "dns": {
+ "dns.response_to": "38342",
+ "dns.time": "0.010177000",
+ "dns.id": "0x000004e1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "121",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "16019",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3326",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2019",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2529",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2725",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3626",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3370",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3208",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5231",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5028",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.646883000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.646883000",
+ "frame.time_delta": "3.475755000",
+ "frame.time_delta_displayed": "630.448422000",
+ "frame.time_relative": "41491.241679000",
+ "frame.number": "38816",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000984f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000206b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49413",
+ "udp.dstport": "53",
+ "udp.port": "49413",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ff55",
+ "udp.checksum.status": "2",
+ "udp.stream": "398"
+ },
+ "dns": {
+ "dns.response_in": "38817",
+ "dns.id": "0x000004e2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.648923000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.648923000",
+ "frame.time_delta": "0.002040000",
+ "frame.time_delta_displayed": "0.002040000",
+ "frame.time_relative": "41491.243719000",
+ "frame.number": "38817",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x000050e3",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000679d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49413",
+ "udp.port": "53",
+ "udp.port": "49413",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "398"
+ },
+ "dns": {
+ "dns.response_to": "38816",
+ "dns.time": "0.002040000",
+ "dns.id": "0x000004e2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.651769000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.651769000",
+ "frame.time_delta": "0.002846000",
+ "frame.time_delta_displayed": "0.002846000",
+ "frame.time_relative": "41491.246565000",
+ "frame.number": "38818",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009850",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000206a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36635",
+ "udp.dstport": "53",
+ "udp.port": "36635",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00004c3f",
+ "udp.checksum.status": "2",
+ "udp.stream": "399"
+ },
+ "dns": {
+ "dns.response_in": "38819",
+ "dns.id": "0x000004e3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.653376000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.653376000",
+ "frame.time_delta": "0.001607000",
+ "frame.time_delta_displayed": "0.001607000",
+ "frame.time_relative": "41491.248172000",
+ "frame.number": "38819",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x000050e4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006708",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36635",
+ "udp.port": "53",
+ "udp.port": "36635",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "399"
+ },
+ "dns": {
+ "dns.response_to": "38818",
+ "dns.time": "0.001607000",
+ "dns.id": "0x000004e3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2989",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115407",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "140125",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "140125",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119026",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "111599",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "111599",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.064209000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.064209000",
+ "frame.time_delta": "0.000887000",
+ "frame.time_delta_displayed": "0.410833000",
+ "frame.time_relative": "41491.659005000",
+ "frame.number": "38835",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009876",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002044",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44523",
+ "udp.dstport": "53",
+ "udp.port": "44523",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000126e",
+ "udp.checksum.status": "2",
+ "udp.stream": "400"
+ },
+ "dns": {
+ "dns.response_in": "38836",
+ "dns.id": "0x000004e4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.064806000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.064806000",
+ "frame.time_delta": "0.000597000",
+ "frame.time_delta_displayed": "0.000597000",
+ "frame.time_relative": "41491.659602000",
+ "frame.number": "38836",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00005106",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067b4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44523",
+ "udp.port": "53",
+ "udp.port": "44523",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "400"
+ },
+ "dns": {
+ "dns.response_to": "38835",
+ "dns.time": "0.000597000",
+ "dns.id": "0x000004e4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.065754000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.065754000",
+ "frame.time_delta": "0.000948000",
+ "frame.time_delta_displayed": "0.000948000",
+ "frame.time_relative": "41491.660550000",
+ "frame.number": "38837",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009877",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002043",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44144",
+ "udp.dstport": "53",
+ "udp.port": "44144",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002ee8",
+ "udp.checksum.status": "2",
+ "udp.stream": "401"
+ },
+ "dns": {
+ "dns.response_in": "38838",
+ "dns.id": "0x000004e5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.066174000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.066174000",
+ "frame.time_delta": "0.000420000",
+ "frame.time_delta_displayed": "0.000420000",
+ "frame.time_relative": "41491.660970000",
+ "frame.number": "38838",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00005107",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067a3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44144",
+ "udp.port": "53",
+ "udp.port": "44144",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "401"
+ },
+ "dns": {
+ "dns.response_to": "38837",
+ "dns.time": "0.000420000",
+ "dns.id": "0x000004e5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2988",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:37:53.206495000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499473.206495000",
+ "frame.time_delta": "0.549295000",
+ "frame.time_delta_displayed": "269.140321000",
+ "frame.time_relative": "41760.801291000",
+ "frame.number": "39097",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000dbe6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000dcd6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45662",
+ "udp.dstport": "53",
+ "udp.port": "45662",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a673",
+ "udp.checksum.status": "2",
+ "udp.stream": "405"
+ },
+ "dns": {
+ "dns.response_in": "39098",
+ "dns.id": "0x000004e6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:37:53.212525000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499473.212525000",
+ "frame.time_delta": "0.006030000",
+ "frame.time_delta_displayed": "0.006030000",
+ "frame.time_relative": "41760.807321000",
+ "frame.number": "39098",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000808b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000367d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45662",
+ "udp.port": "53",
+ "udp.port": "45662",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "405"
+ },
+ "dns": {
+ "dns.response_to": "39097",
+ "dns.time": "0.006030000",
+ "dns.id": "0x000004e6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "121",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "15119",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2426",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1119",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1629",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1825",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2726",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2470",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2308",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4331",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4128",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:52:53.219299000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508500373.219299000",
+ "frame.time_delta": "3.495831000",
+ "frame.time_delta_displayed": "900.006774000",
+ "frame.time_relative": "42660.814095000",
+ "frame.number": "39806",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00005dbd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005b00",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "40448",
+ "udp.dstport": "53",
+ "udp.port": "40448",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000bad0",
+ "udp.checksum.status": "2",
+ "udp.stream": "409"
+ },
+ "dns": {
+ "dns.response_in": "39807",
+ "dns.id": "0x000004e7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:52:53.225624000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508500373.225624000",
+ "frame.time_delta": "0.006325000",
+ "frame.time_delta_displayed": "0.006325000",
+ "frame.time_relative": "42660.820420000",
+ "frame.number": "39807",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ac16",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000af2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "40448",
+ "udp.port": "53",
+ "udp.port": "40448",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "409"
+ },
+ "dns": {
+ "dns.response_to": "39806",
+ "dns.time": "0.006325000",
+ "dns.id": "0x000004e7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14219",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1526",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "219",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "729",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "925",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1826",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1570",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1408",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3431",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3228",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:07:53.234776000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508501273.234776000",
+ "frame.time_delta": "0.078020000",
+ "frame.time_delta_displayed": "900.009152000",
+ "frame.time_relative": "43560.829572000",
+ "frame.number": "40624",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00006faa",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004913",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "56663",
+ "udp.dstport": "53",
+ "udp.port": "56663",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007b78",
+ "udp.checksum.status": "2",
+ "udp.stream": "410"
+ },
+ "dns": {
+ "dns.response_in": "40625",
+ "dns.id": "0x000004e8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:07:53.240805000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508501273.240805000",
+ "frame.time_delta": "0.006029000",
+ "frame.time_delta_displayed": "0.006029000",
+ "frame.time_relative": "43560.835601000",
+ "frame.number": "40625",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000456f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007199",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "56663",
+ "udp.port": "53",
+ "udp.port": "56663",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "410"
+ },
+ "dns": {
+ "dns.response_to": "40624",
+ "dns.time": "0.006029000",
+ "dns.id": "0x000004e8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13319",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "626",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7320",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7830",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "25",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "926",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "670",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "508",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2531",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2328",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:22:53.251101000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502173.251101000",
+ "frame.time_delta": "2.791011000",
+ "frame.time_delta_displayed": "900.010296000",
+ "frame.time_relative": "44460.845897000",
+ "frame.number": "41391",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c79b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f121",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47619",
+ "udp.dstport": "53",
+ "udp.port": "47619",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009ecb",
+ "udp.checksum.status": "2",
+ "udp.stream": "417"
+ },
+ "dns": {
+ "dns.response_in": "41392",
+ "dns.id": "0x000004e9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:22:53.257780000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502173.257780000",
+ "frame.time_delta": "0.006679000",
+ "frame.time_delta_displayed": "0.006679000",
+ "frame.time_relative": "44460.852576000",
+ "frame.number": "41392",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00002ab8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008c50",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47619",
+ "udp.port": "53",
+ "udp.port": "47619",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "417"
+ },
+ "dns": {
+ "dns.response_to": "41391",
+ "dns.time": "0.006679000",
+ "dns.id": "0x000004e9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12419",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3749",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6420",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6930",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3133",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "26",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7774",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3612",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1631",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1428",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.354168000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.354168000",
+ "frame.time_delta": "7.493030000",
+ "frame.time_delta_displayed": "629.096388000",
+ "frame.time_relative": "45089.948964000",
+ "frame.number": "41927",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00004173",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007747",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36484",
+ "udp.dstport": "53",
+ "udp.port": "36484",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000031cf",
+ "udp.checksum.status": "2",
+ "udp.stream": "422"
+ },
+ "dns": {
+ "dns.response_in": "41928",
+ "dns.id": "0x000004ea",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.356157000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.356157000",
+ "frame.time_delta": "0.001989000",
+ "frame.time_delta_displayed": "0.001989000",
+ "frame.time_relative": "45089.950953000",
+ "frame.number": "41928",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00009f4a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001936",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36484",
+ "udp.port": "53",
+ "udp.port": "36484",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "422"
+ },
+ "dns": {
+ "dns.response_to": "41927",
+ "dns.time": "0.001989000",
+ "dns.id": "0x000004ea",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.357016000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.357016000",
+ "frame.time_delta": "0.000859000",
+ "frame.time_delta_displayed": "0.000859000",
+ "frame.time_relative": "45089.951812000",
+ "frame.number": "41929",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00004174",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007746",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37527",
+ "udp.dstport": "53",
+ "udp.port": "37527",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000048bb",
+ "udp.checksum.status": "2",
+ "udp.stream": "423"
+ },
+ "dns": {
+ "dns.response_in": "41930",
+ "dns.id": "0x000004eb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.358502000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.358502000",
+ "frame.time_delta": "0.001486000",
+ "frame.time_delta_displayed": "0.001486000",
+ "frame.time_relative": "45089.953298000",
+ "frame.number": "41930",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00009f4b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000018a1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37527",
+ "udp.port": "53",
+ "udp.port": "37527",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "423"
+ },
+ "dns": {
+ "dns.response_to": "41929",
+ "dns.time": "0.001486000",
+ "dns.id": "0x000004eb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "10",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "161051",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "131974",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "131974",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "150229",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21951",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21951",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.769938000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.769938000",
+ "frame.time_delta": "0.000959000",
+ "frame.time_delta_displayed": "0.411436000",
+ "frame.time_relative": "45090.364734000",
+ "frame.number": "41946",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000418a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007730",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35698",
+ "udp.dstport": "53",
+ "udp.port": "35698",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000034df",
+ "udp.checksum.status": "2",
+ "udp.stream": "424"
+ },
+ "dns": {
+ "dns.response_in": "41947",
+ "dns.id": "0x000004ec",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.770497000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.770497000",
+ "frame.time_delta": "0.000559000",
+ "frame.time_delta_displayed": "0.000559000",
+ "frame.time_relative": "45090.365293000",
+ "frame.number": "41947",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009f51",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001969",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35698",
+ "udp.port": "53",
+ "udp.port": "35698",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "424"
+ },
+ "dns": {
+ "dns.response_to": "41946",
+ "dns.time": "0.000559000",
+ "dns.id": "0x000004ec",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.771306000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.771306000",
+ "frame.time_delta": "0.000809000",
+ "frame.time_delta_displayed": "0.000809000",
+ "frame.time_relative": "45090.366102000",
+ "frame.number": "41948",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000418b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000772f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59480",
+ "udp.dstport": "53",
+ "udp.port": "59480",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f2f7",
+ "udp.checksum.status": "2",
+ "udp.stream": "425"
+ },
+ "dns": {
+ "dns.response_in": "41949",
+ "dns.id": "0x000004ed",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.771826000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.771826000",
+ "frame.time_delta": "0.000520000",
+ "frame.time_delta_displayed": "0.000520000",
+ "frame.time_relative": "45090.366622000",
+ "frame.number": "41949",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00009f52",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001958",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59480",
+ "udp.port": "53",
+ "udp.port": "59480",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "425"
+ },
+ "dns": {
+ "dns.response_to": "41948",
+ "dns.time": "0.000520000",
+ "dns.id": "0x000004ed",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:37:53.266045000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503073.266045000",
+ "frame.time_delta": "2.473971000",
+ "frame.time_delta_displayed": "270.494219000",
+ "frame.time_relative": "45360.860841000",
+ "frame.number": "42165",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00006f25",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004998",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45073",
+ "udp.dstport": "53",
+ "udp.port": "45073",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a8b8",
+ "udp.checksum.status": "2",
+ "udp.stream": "426"
+ },
+ "dns": {
+ "dns.response_in": "42166",
+ "dns.id": "0x000004ee",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:37:53.344536000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503073.344536000",
+ "frame.time_delta": "0.078491000",
+ "frame.time_delta_displayed": "0.078491000",
+ "frame.time_relative": "45360.939332000",
+ "frame.number": "42166",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000a957",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000db1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45073",
+ "udp.port": "53",
+ "udp.port": "45073",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "426"
+ },
+ "dns": {
+ "dns.response_to": "42165",
+ "dns.time": "0.078491000",
+ "dns.id": "0x000004ee",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13344",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1109",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1648",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4418",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "492",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2893",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1445",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.218"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1033",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1131",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4587",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:52:53.349738000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503973.349738000",
+ "frame.time_delta": "0.133221000",
+ "frame.time_delta_displayed": "900.005202000",
+ "frame.time_relative": "46260.944534000",
+ "frame.number": "42899",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00003ed9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000079e4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37008",
+ "udp.dstport": "53",
+ "udp.port": "37008",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c838",
+ "udp.checksum.status": "2",
+ "udp.stream": "430"
+ },
+ "dns": {
+ "dns.response_in": "42900",
+ "dns.id": "0x000004ef",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:52:53.356337000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503973.356337000",
+ "frame.time_delta": "0.006599000",
+ "frame.time_delta_displayed": "0.006599000",
+ "frame.time_relative": "46260.951133000",
+ "frame.number": "42900",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f284",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c483",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37008",
+ "udp.port": "53",
+ "udp.port": "37008",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "430"
+ },
+ "dns": {
+ "dns.response_to": "42899",
+ "dns.time": "0.006599000",
+ "dns.id": "0x000004ef",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "123",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "10619",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1949",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4620",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5130",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1333",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4233",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5974",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1812",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5834",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5629",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:07:53.361739000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508504873.361739000",
+ "frame.time_delta": "3.522645000",
+ "frame.time_delta_displayed": "900.005402000",
+ "frame.time_relative": "47160.956535000",
+ "frame.number": "43627",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00002003",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000098ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "32771",
+ "udp.dstport": "53",
+ "udp.port": "32771",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d8c4",
+ "udp.checksum.status": "2",
+ "udp.stream": "434"
+ },
+ "dns": {
+ "dns.response_in": "43628",
+ "dns.id": "0x000004f0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:07:53.369270000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508504873.369270000",
+ "frame.time_delta": "0.007531000",
+ "frame.time_delta_displayed": "0.007531000",
+ "frame.time_relative": "47160.964066000",
+ "frame.number": "43628",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000dd37",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d9d0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "32771",
+ "udp.port": "53",
+ "udp.port": "32771",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "434"
+ },
+ "dns": {
+ "dns.response_to": "43627",
+ "dns.time": "0.007531000",
+ "dns.id": "0x000004f0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "126",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "9719",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1049",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3720",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4230",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "433",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3333",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5074",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "912",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4934",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4729",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:22:53.379501000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508505773.379501000",
+ "frame.time_delta": "5.573394000",
+ "frame.time_delta_displayed": "900.010231000",
+ "frame.time_relative": "48060.974297000",
+ "frame.number": "44377",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ea56",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ce66",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47638",
+ "udp.dstport": "53",
+ "udp.port": "47638",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009eb0",
+ "udp.checksum.status": "2",
+ "udp.stream": "438"
+ },
+ "dns": {
+ "dns.response_in": "44378",
+ "dns.id": "0x000004f1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:22:53.386242000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508505773.386242000",
+ "frame.time_delta": "0.006741000",
+ "frame.time_delta_displayed": "0.006741000",
+ "frame.time_relative": "48060.981038000",
+ "frame.number": "44378",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000016a1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a067",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47638",
+ "udp.port": "53",
+ "udp.port": "47638",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "438"
+ },
+ "dns": {
+ "dns.response_to": "44377",
+ "dns.time": "0.006741000",
+ "dns.id": "0x000004f1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "126",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8819",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "149",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2820",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3330",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3537",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2433",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4174",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4034",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3829",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.946788000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.946788000",
+ "frame.time_delta": "0.766058000",
+ "frame.time_delta_displayed": "629.560546000",
+ "frame.time_relative": "48690.541584000",
+ "frame.number": "44868",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bdc8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000faf1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34522",
+ "udp.dstport": "53",
+ "udp.port": "34522",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003971",
+ "udp.checksum.status": "2",
+ "udp.stream": "444"
+ },
+ "dns": {
+ "dns.response_in": "44869",
+ "dns.id": "0x000004f2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.948908000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.948908000",
+ "frame.time_delta": "0.002120000",
+ "frame.time_delta_displayed": "0.002120000",
+ "frame.time_relative": "48690.543704000",
+ "frame.number": "44869",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00005bc7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005cb9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34522",
+ "udp.port": "53",
+ "udp.port": "34522",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "444"
+ },
+ "dns": {
+ "dns.response_to": "44868",
+ "dns.time": "0.002120000",
+ "dns.id": "0x000004f2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.950083000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.950083000",
+ "frame.time_delta": "0.001175000",
+ "frame.time_delta_displayed": "0.001175000",
+ "frame.time_relative": "48690.544879000",
+ "frame.number": "44870",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bdc9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000faf0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33646",
+ "udp.dstport": "53",
+ "udp.port": "33646",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000057dc",
+ "udp.checksum.status": "2",
+ "udp.stream": "445"
+ },
+ "dns": {
+ "dns.response_in": "44871",
+ "dns.id": "0x000004f3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.951622000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.951622000",
+ "frame.time_delta": "0.001539000",
+ "frame.time_delta_displayed": "0.001539000",
+ "frame.time_relative": "48690.546418000",
+ "frame.number": "44871",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00005bc8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005c24",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33646",
+ "udp.port": "53",
+ "udp.port": "33646",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "445"
+ },
+ "dns": {
+ "dns.response_to": "44870",
+ "dns.time": "0.001539000",
+ "dns.id": "0x000004f3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157451",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "128374",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "128374",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "146629",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "18351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "18351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.416488000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.416488000",
+ "frame.time_delta": "0.000964000",
+ "frame.time_delta_displayed": "0.464866000",
+ "frame.time_relative": "48691.011284000",
+ "frame.number": "44887",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bddb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fade",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59813",
+ "udp.dstport": "53",
+ "udp.port": "59813",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000d6a3",
+ "udp.checksum.status": "2",
+ "udp.stream": "446"
+ },
+ "dns": {
+ "dns.response_in": "44888",
+ "dns.id": "0x000004f4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.416961000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.416961000",
+ "frame.time_delta": "0.000473000",
+ "frame.time_delta_displayed": "0.000473000",
+ "frame.time_relative": "48691.011757000",
+ "frame.number": "44888",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00005bce",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005cec",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59813",
+ "udp.port": "53",
+ "udp.port": "59813",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "446"
+ },
+ "dns": {
+ "dns.response_to": "44887",
+ "dns.time": "0.000473000",
+ "dns.id": "0x000004f4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.417890000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.417890000",
+ "frame.time_delta": "0.000929000",
+ "frame.time_delta_displayed": "0.000929000",
+ "frame.time_relative": "48691.012686000",
+ "frame.number": "44889",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bddc",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fadd",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44681",
+ "udp.dstport": "53",
+ "udp.port": "44681",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002cbf",
+ "udp.checksum.status": "2",
+ "udp.stream": "447"
+ },
+ "dns": {
+ "dns.response_in": "44890",
+ "dns.id": "0x000004f5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.418452000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.418452000",
+ "frame.time_delta": "0.000562000",
+ "frame.time_delta_displayed": "0.000562000",
+ "frame.time_relative": "48691.013248000",
+ "frame.number": "44890",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00005bcf",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005cdb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44681",
+ "udp.port": "53",
+ "udp.port": "44681",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "447"
+ },
+ "dns": {
+ "dns.response_to": "44889",
+ "dns.time": "0.000562000",
+ "dns.id": "0x000004f5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:37:53.397275000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506673.397275000",
+ "frame.time_delta": "0.977714000",
+ "frame.time_delta_displayed": "269.978823000",
+ "frame.time_relative": "48960.992071000",
+ "frame.number": "45164",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000f463",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c459",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53189",
+ "udp.dstport": "53",
+ "udp.port": "53189",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000088fc",
+ "udp.checksum.status": "2",
+ "udp.stream": "449"
+ },
+ "dns": {
+ "dns.response_in": "45165",
+ "dns.id": "0x000004f6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:37:53.407078000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506673.407078000",
+ "frame.time_delta": "0.009803000",
+ "frame.time_delta_displayed": "0.009803000",
+ "frame.time_relative": "48961.001874000",
+ "frame.number": "45165",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000adc8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000940",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53189",
+ "udp.port": "53",
+ "udp.port": "53189",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "449"
+ },
+ "dns": {
+ "dns.response_to": "45164",
+ "dns.time": "0.009803000",
+ "dns.id": "0x000004f6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7919",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3256",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1920",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2430",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2637",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1533",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3274",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3115",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3134",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2929",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:52:53.416716000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508507573.416716000",
+ "frame.time_delta": "1.378707000",
+ "frame.time_delta_displayed": "900.009638000",
+ "frame.time_relative": "49861.011512000",
+ "frame.number": "45902",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000028c2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008ffb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53544",
+ "udp.dstport": "53",
+ "udp.port": "53544",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00008798",
+ "udp.checksum.status": "2",
+ "udp.stream": "454"
+ },
+ "dns": {
+ "dns.response_in": "45903",
+ "dns.id": "0x000004f7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:52:53.422982000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508507573.422982000",
+ "frame.time_delta": "0.006266000",
+ "frame.time_delta_displayed": "0.006266000",
+ "frame.time_relative": "49861.017778000",
+ "frame.number": "45903",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f786",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf81",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53544",
+ "udp.port": "53",
+ "udp.port": "53544",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "454"
+ },
+ "dns": {
+ "dns.response_to": "45902",
+ "dns.time": "0.006266000",
+ "dns.id": "0x000004f7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7019",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2356",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1020",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1530",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1737",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "633",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2374",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2215",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2234",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2029",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:07:53.431212000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508508473.431212000",
+ "frame.time_delta": "2.092085000",
+ "frame.time_delta_displayed": "900.008230000",
+ "frame.time_relative": "50761.026008000",
+ "frame.number": "46613",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00000dff",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000aabe",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34206",
+ "udp.dstport": "53",
+ "udp.port": "34206",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d321",
+ "udp.checksum.status": "2",
+ "udp.stream": "458"
+ },
+ "dns": {
+ "dns.response_in": "46614",
+ "dns.id": "0x000004f8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:07:53.437633000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508508473.437633000",
+ "frame.time_delta": "0.006421000",
+ "frame.time_delta_displayed": "0.006421000",
+ "frame.time_relative": "50761.032429000",
+ "frame.number": "46614",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004f64",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067a4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34206",
+ "udp.port": "53",
+ "udp.port": "34206",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "458"
+ },
+ "dns": {
+ "dns.response_to": "46613",
+ "dns.time": "0.006421000",
+ "dns.id": "0x000004f8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6119",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1456",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "120",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "630",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "837",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5740",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.207"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1474",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1315",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1334",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1129",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:22:53.445298000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508509373.445298000",
+ "frame.time_delta": "4.162550000",
+ "frame.time_delta_displayed": "900.007665000",
+ "frame.time_relative": "51661.040094000",
+ "frame.number": "47529",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001618",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a2a5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37517",
+ "udp.dstport": "53",
+ "udp.port": "37517",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c631",
+ "udp.checksum.status": "2",
+ "udp.stream": "459"
+ },
+ "dns": {
+ "dns.response_in": "47530",
+ "dns.id": "0x000004f9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:22:53.451560000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508509373.451560000",
+ "frame.time_delta": "0.006262000",
+ "frame.time_delta_displayed": "0.006262000",
+ "frame.time_relative": "51661.046356000",
+ "frame.number": "47530",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000879c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002f6c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37517",
+ "udp.port": "53",
+ "udp.port": "37517",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "459"
+ },
+ "dns": {
+ "dns.response_to": "47529",
+ "dns.time": "0.006262000",
+ "dns.id": "0x000004f9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5219",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "556",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7221",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7733",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.146.244"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3938",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4840",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.207"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "574",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "415",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "434",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "229",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.445057000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.445057000",
+ "frame.time_delta": "7.984590000",
+ "frame.time_delta_displayed": "629.993497000",
+ "frame.time_relative": "52291.039853000",
+ "frame.number": "48058",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb5d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd5c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54194",
+ "udp.dstport": "53",
+ "udp.port": "54194",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ec90",
+ "udp.checksum.status": "2",
+ "udp.stream": "463"
+ },
+ "dns": {
+ "dns.response_in": "48059",
+ "dns.id": "0x000004fa",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.447069000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.447069000",
+ "frame.time_delta": "0.002012000",
+ "frame.time_delta_displayed": "0.002012000",
+ "frame.time_relative": "52291.041865000",
+ "frame.number": "48059",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x000001dc",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6a4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54194",
+ "udp.port": "53",
+ "udp.port": "54194",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "463"
+ },
+ "dns": {
+ "dns.response_to": "48058",
+ "dns.time": "0.002012000",
+ "dns.id": "0x000004fa",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.447897000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.447897000",
+ "frame.time_delta": "0.000828000",
+ "frame.time_delta_displayed": "0.000828000",
+ "frame.time_relative": "52291.042693000",
+ "frame.number": "48060",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb5e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd5b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35295",
+ "udp.dstport": "53",
+ "udp.port": "35295",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00005163",
+ "udp.checksum.status": "2",
+ "udp.stream": "464"
+ },
+ "dns": {
+ "dns.response_in": "48061",
+ "dns.id": "0x000004fb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.449477000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.449477000",
+ "frame.time_delta": "0.001580000",
+ "frame.time_delta_displayed": "0.001580000",
+ "frame.time_relative": "52291.044273000",
+ "frame.number": "48061",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x000001dd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b60f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35295",
+ "udp.port": "53",
+ "udp.port": "35295",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "464"
+ },
+ "dns": {
+ "dns.response_to": "48060",
+ "dns.time": "0.001580000",
+ "dns.id": "0x000004fb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2798",
+ "dns.resp.len": "10",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2798",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2798",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "153850",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "124773",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "124773",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143028",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14750",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14750",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.865101000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.865101000",
+ "frame.time_delta": "0.001627000",
+ "frame.time_delta_displayed": "0.415624000",
+ "frame.time_relative": "52291.459897000",
+ "frame.number": "48078",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb69",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd50",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "56468",
+ "udp.dstport": "53",
+ "udp.port": "56468",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000e3ac",
+ "udp.checksum.status": "2",
+ "udp.stream": "465"
+ },
+ "dns": {
+ "dns.response_in": "48079",
+ "dns.id": "0x000004fc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.865672000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.865672000",
+ "frame.time_delta": "0.000571000",
+ "frame.time_delta_displayed": "0.000571000",
+ "frame.time_relative": "52291.460468000",
+ "frame.number": "48079",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000001de",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6dc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "56468",
+ "udp.port": "53",
+ "udp.port": "56468",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "465"
+ },
+ "dns": {
+ "dns.response_to": "48078",
+ "dns.time": "0.000571000",
+ "dns.id": "0x000004fc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.866499000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.866499000",
+ "frame.time_delta": "0.000827000",
+ "frame.time_delta_displayed": "0.000827000",
+ "frame.time_relative": "52291.461295000",
+ "frame.number": "48080",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb6a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd4f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "42815",
+ "udp.dstport": "53",
+ "udp.port": "42815",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003401",
+ "udp.checksum.status": "2",
+ "udp.stream": "466"
+ },
+ "dns": {
+ "dns.response_in": "48081",
+ "dns.id": "0x000004fd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.867228000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.867228000",
+ "frame.time_delta": "0.000729000",
+ "frame.time_delta_displayed": "0.000729000",
+ "frame.time_relative": "52291.462024000",
+ "frame.number": "48081",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x000001df",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6cb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "42815",
+ "udp.port": "53",
+ "udp.port": "42815",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "466"
+ },
+ "dns": {
+ "dns.response_to": "48080",
+ "dns.time": "0.000729000",
+ "dns.id": "0x000004fd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:37:53.461226000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510273.461226000",
+ "frame.time_delta": "5.280384000",
+ "frame.time_delta_displayed": "269.593998000",
+ "frame.time_relative": "52561.056022000",
+ "frame.number": "48304",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00000e4c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000aa71",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49801",
+ "udp.dstport": "53",
+ "udp.port": "49801",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009630",
+ "udp.checksum.status": "2",
+ "udp.stream": "467"
+ },
+ "dns": {
+ "dns.response_in": "48305",
+ "dns.id": "0x000004fe",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:37:53.467660000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510273.467660000",
+ "frame.time_delta": "0.006434000",
+ "frame.time_delta_displayed": "0.006434000",
+ "frame.time_relative": "52561.062456000",
+ "frame.number": "48305",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00001912",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009df6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49801",
+ "udp.port": "53",
+ "udp.port": "49801",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "467"
+ },
+ "dns": {
+ "dns.response_to": "48304",
+ "dns.time": "0.006434000",
+ "dns.id": "0x000004fe",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "128",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4319",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3658",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6321",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6833",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.146.244"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3038",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3940",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.207"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7681",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3520",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5538",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5335",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+]
projects / pingpong.git / commitdiff