From: Janus Varmarken Date: Fri, 3 Nov 2017 19:07:13 +0000 (-0700) Subject: Initial experimentation with simple pipeline setup: Call parse_json_dns from parse_dn... X-Git-Url: http://plrg.eecs.uci.edu/git/?p=pingpong.git;a=commitdiff_plain;h=67b9a643367d674317b384ff1f0d897e6d52e56b Initial experimentation with simple pipeline setup: Call parse_json_dns from parse_dns.py in base_gefx_generator.py Add simple gitignore. Add example wireshark DNS extract for testing. Add example wireshark HTTP extract for testing. --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f6f4873 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +# ignore python byte code files +*.pyc diff --git a/base_gefx_generator.py b/base_gefx_generator.py index fd2a55e..4b8a275 100644 --- a/base_gefx_generator.py +++ b/base_gefx_generator.py @@ -18,7 +18,14 @@ import tldextract import networkx as nx import sys +import parse_dns + def parse_json(file_path): + + maps_tuple = parse_dns.parse_json_dns("./dns.json") + hn_ip_map = maps_tuple[0] + ip_hn_map = maps_tuple[1] + # Init empty graph G = nx.DiGraph() with open(file_path) as jf: @@ -27,10 +34,18 @@ def parse_json(file_path): data = json.load(jf) # Loop through json objects in data for k in data: + #print "k is:",k # Fetch source and destination IPs. # Each of these become a Node in the Graph. src_ip = data[k]["src_ip"] dst_ip = data[k]["dst_ip"] + + if dst_ip in ip_hn_map: + # hack to get first element in set + for e in ip_hn_map[dst_ip]: + break + dst_ip = e + ''' Graph construction ''' # No need to check if the Nodes and/or Edges we add already exist: # NetworkX won't add already existing nodes/edges (except in the case of a MultiGraph or MultiDiGraph (see NetworkX doc)). diff --git a/dns.json b/dns.json new file mode 100644 index 0000000..43f3eb5 --- /dev/null +++ b/dns.json 
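Review bot: In the first base_gefx_generator.py hunk the DNS extract is read from the hard-coded relative path `"./dns.json"` inside `parse_json`, so which file supplies the IP-to-hostname labels depends on the directory the script is started from. The extract, which the dns.json hunk header gives as 40632 lines, is also parsed again on every call. Take the path from the caller instead, for example `def parse_json(file_path, dns_file_path="./dns.json"):` with `hn_ip_map, ip_hn_map = parse_dns.parse_json_dns(dns_file_path)`, which also replaces the index-by-index unpacking of `maps_tuple`. `hn_ip_map` is not read in the lines shown here, so bind it to `_` if nothing further down uses it. The body of `parse_json` continues outside the hunk.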
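Review bot: In the second hunk, the `for e in ip_hn_map[dst_ip]: break` idiom leaves `e` unbound, or still holding the hostname from an earlier packet, whenever the entry for that IP is empty. Otherwise it takes whichever hostname the set happens to yield first, so a node's label can change from run to run for an address that several names resolve to. Since the comment says the value is a set, a deterministic and empty-safe form is `hostnames = ip_hn_map.get(dst_ip)` followed by `if hostnames: dst_ip = min(hostnames)`. The commented-out `#print "k is:",k` debug line is better dropped than committed. The loop body continues outside the hunk.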
@@ -0,0 +1,40632 @@ +[ + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458071.560156000", + "frame.time_delta": "1.053360000", + "frame.time_delta_displayed": "0.000000000", + "frame.time_relative": "359.154952000", + "frame.number": "380", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000c5d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f2e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35041", + "udp.dstport": "53", + "udp.port": "35041", + 
"udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d04f", + "udp.checksum.status": "2", + "udp.stream": "19" + }, + "dns": { + "dns.response_in": "381", + "dns.id": "0x00000487", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458071.597999000", + "frame.time_delta": "0.037843000", + "frame.time_delta_displayed": "0.037843000", + "frame.time_relative": "359.192795000", + "frame.number": "381", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00001e6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000989e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35041", + "udp.port": "53", + "udp.port": "35041", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "19" + }, + "dns": { + "dns.response_to": "380", + "dns.time": "0.037843000", + "dns.id": "0x00000487", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "115", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + 
"brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13313", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3795", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2515", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3016", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { + "dns.resp.name": "n3b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3200", + "dns.resp.len": "4", + "dns.a": "165.254.134.241" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2106", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3857", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3654", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3718", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2491", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458971.607393000", + "frame.time_delta": "4.029605000", + "frame.time_delta_displayed": "900.009394000", + "frame.time_relative": "1259.202189000", + "frame.number": "1239", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00000103", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b7ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57902", + "udp.dstport": "53", + "udp.port": "57902", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007701", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "dns": { + "dns.response_in": "1240", + "dns.id": "0x00000488", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": 
"www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458971.678853000", + "frame.time_delta": "0.071460000", + "frame.time_delta_displayed": "0.071460000", + "frame.time_relative": "1259.273649000", + "frame.number": "1240", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00004f7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000067ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57902", + "udp.port": "53", + "udp.port": "57902", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "dns": { + "dns.response_to": "1239", + "dns.time": "0.071460000", + "dns.id": "0x00000488", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "115", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "12413", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + 
"dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class 
IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2895", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1615", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2116", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2300", + "dns.resp.len": "4", + "dns.a": "165.254.134.241" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1206", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2957", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2754", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, 
addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2818", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.045476000", + "frame.time_delta": "1.106645000", + "frame.time_delta_displayed": "631.366623000", + "frame.time_relative": "1890.640272000", + "frame.number": "1873", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000999f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44067", + "udp.dstport": "53", + "udp.port": "44067", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001491", + "udp.checksum.status": "2", + "udp.stream": "51" + }, + "dns": { + "dns.response_in": "1874", + "dns.id": "0x00000489", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.047090000", + "frame.time_delta": "0.001614000", + "frame.time_delta_displayed": "0.001614000", + "frame.time_relative": "1890.641886000", + "frame.number": "1874", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00002b52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44067", + "udp.port": "53", + "udp.port": "44067", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "51" + }, + "dns": { + "dns.response_to": "1873", + "dns.time": "0.001614000", + "dns.id": "0x00000489", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + 
"dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "643", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.048272000", + "frame.time_delta": "0.001182000", + "frame.time_delta_displayed": "0.001182000", + "frame.time_relative": "1890.643068000", + "frame.number": "1875", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000999e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51510", + "udp.dstport": "53", + "udp.port": "51510", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000127d", + "udp.checksum.status": "2", + "udp.stream": "52" + }, + "dns": { + "dns.response_in": "1876", + "dns.id": "0x0000048a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.049516000", + "frame.time_delta": "0.001244000", + "frame.time_delta_displayed": "0.001244000", + "frame.time_relative": "1890.644312000", + "frame.number": "1876", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00002b53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51510", + "udp.port": "53", + "udp.port": "51510", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "52" + }, + "dns": { + "dns.response_to": "1875", + "dns.time": "0.001244000", + "dns.id": "0x0000048a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": 
"19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "155007", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3438", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3438", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": 
"ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "158626", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151199", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151199", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.470381000", + "frame.time_delta": "0.000880000", + "frame.time_delta_displayed": "0.420865000", + "frame.time_relative": "1891.065177000", + "frame.number": "1892", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f22", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009998", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44843", + "udp.dstport": "53", + "udp.port": "44843", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001187", + "udp.checksum.status": "2", + "udp.stream": "53" + }, + "dns": { + "dns.response_in": "1893", + "dns.id": "0x0000048b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.470880000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1891.065676000", + "frame.number": "1893", + "frame.len": "79", + 
"frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002b76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44843", + "udp.port": "53", + "udp.port": "44843", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "53" + }, + "dns": { + "dns.response_to": "1892", + "dns.time": "0.000499000", + "dns.id": "0x0000048b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.471684000", + "frame.time_delta": "0.000804000", + "frame.time_delta_displayed": "0.000804000", + "frame.time_relative": "1891.066480000", + "frame.number": "1894", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f23", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009997", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "40021", + "udp.dstport": "53", + "udp.port": "40021", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003f5c", + "udp.checksum.status": "2", + "udp.stream": "54" + }, + "dns": { + "dns.response_in": "1895", + "dns.id": "0x0000048c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.472192000", + "frame.time_delta": "0.000508000", + "frame.time_delta_displayed": "0.000508000", + "frame.time_relative": "1891.066988000", + "frame.number": "1895", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00002b77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "40021", + "udp.port": "53", + "udp.port": "40021", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "54" + }, + "dns": { + "dns.response_to": "1894", + "dns.time": "0.000508000", + "dns.id": "0x0000048c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", 
+ "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459871.689099000", + "frame.time_delta": "0.145237000", + "frame.time_delta_displayed": "268.216907000", + "frame.time_relative": "2159.283895000", + "frame.number": "2153", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000053f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49510", + "udp.dstport": "53", + "udp.port": "49510", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000097c4", + "udp.checksum.status": "2", + "udp.stream": "60" + }, + "dns": { + "dns.response_in": "2154", + "dns.id": "0x0000048d", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459871.695550000", + "frame.time_delta": "0.006451000", + "frame.time_delta_displayed": "0.006451000", + "frame.time_relative": "2159.290346000", + "frame.number": "2154", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000851c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49510", + "udp.port": "53", + "udp.port": "49510", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "60" + }, + "dns": { + "dns.response_to": "2153", + "dns.time": "0.006451000", + "dns.id": "0x0000048d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + 
"Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "141", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13111", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "294", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4838", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n2b.akamaiedge.net: type A, class IN, addr 
165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7614", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3676", + "dns.resp.len": "4", + "dns.a": "165.254.16.90" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4084", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4641", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "218", + "dns.resp.len": "4", + "dns.a": "165.254.134.246" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2322", + "dns.resp.len": "4", + "dns.a": "165.254.134.232" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4774", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1508460771.705423000", + "frame.time_delta": "3.937809000", + "frame.time_delta_displayed": "900.009873000", + "frame.time_relative": "3059.300219000", + "frame.number": "2958", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000b28e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000062f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59344", + "udp.dstport": "53", + "udp.port": "59344", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007159", + "udp.checksum.status": "2", + "udp.stream": "72" + }, + "dns": { + "dns.response_in": "2959", + "dns.id": "0x0000048e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508460771.715857000", + "frame.time_delta": "0.010434000", + "frame.time_delta_displayed": "0.010434000", + "frame.time_relative": "3059.310653000", + "frame.number": "2959", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000ca5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000ecab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59344", + "udp.port": "53", + "udp.port": "59344", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "72" + }, + "dns": { + "dns.response_to": "2958", + "dns.time": "0.010434000", + "dns.id": "0x0000048e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10613", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" 
+ }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + 
"dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1095", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7816", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "316", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "500", + "dns.resp.len": "4", + "dns.a": "165.254.134.241" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "5409", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1157", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "954", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1018", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5792", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461671.725149000", + "frame.time_delta": "2.951813000", + "frame.time_delta_displayed": "900.009292000", + "frame.time_relative": "3959.319945000", + "frame.number": "3816", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ba5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34709", + "udp.dstport": "53", + "udp.port": "34709", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d193", + "udp.checksum.status": "2", + "udp.stream": "84" + }, + "dns": { + "dns.response_in": "3817", + "dns.id": "0x0000048f", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 19, 2017 18:07:51.735281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461671.735281000", + "frame.time_delta": "0.010132000", + "frame.time_delta_displayed": "0.010132000", + "frame.time_relative": "3959.330077000", + "frame.number": "3817", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004a90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006c78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "34709", + "udp.port": "53", + "udp.port": "34709", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "84" + }, + "dns": { + "dns.response_to": "3816", + 
"dns.time": "0.010132000", + "dns.id": "0x0000048f", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "11311", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2496", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3038", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5814", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1876", + "dns.resp.len": "4", + "dns.a": "165.254.16.90" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2284", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2841", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2419", + "dns.resp.len": "4", + "dns.a": "165.254.16.93" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": { + "dns.resp.name": 
"n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "522", + "dns.resp.len": "4", + "dns.a": "165.254.134.232" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2974", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461976.852097000", + "frame.time_delta": "3.045152000", + "frame.time_delta_displayed": "305.116816000", + "frame.time_relative": "4264.446893000", + "frame.number": "5571", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000f879", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c03c", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "46881", + "udp.dstport": "53", + "udp.port": "46881", + "udp.port": "53", + "udp.length": "49", + "udp.checksum": "0x0000d1bd", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "dns": { + "dns.response_in": "5572", + "dns.id": "0x00000490", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461976.936468000", + "frame.time_delta": "0.084371000", + "frame.time_delta_displayed": "0.084371000", + "frame.time_relative": "4264.531264000", + "frame.number": "5572", + "frame.len": "297", + "frame.cap_len": "297", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "283", + "ip.id": "0x00008c6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002b72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "46881", + "udp.port": "53", + "udp.port": "46881", + "udp.length": "263", + "udp.checksum": "0x0000830a", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "dns": { + "dns.response_to": "5571", + "dns.time": "0.084371000", + "dns.id": "0x00000490", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + 
"dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { + "dns.resp.name": "diagnostics.meethue.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "4", + "dns.a": "130.211.67.12" + } + }, + "Authoritative nameservers": { + "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3600", + "dns.resp.len": "18", + "dns.ns": "ns2.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3600", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3600", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172800", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172800", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172800", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + 
"dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2611", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62777", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62777", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508462571.746902000", + "frame.time_delta": "2.037142000", + "frame.time_delta_displayed": "594.810434000", + "frame.time_relative": "4859.341698000", + "frame.number": "6175", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000f884", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c038", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54444", + "udp.dstport": "53", + "udp.port": "54444", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000847a", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "dns": { + "dns.response_in": "6176", + "dns.id": "0x00000491", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508462571.772932000", + "frame.time_delta": "0.026030000", + "frame.time_delta_displayed": "0.026030000", + "frame.time_relative": "4859.367728000", + "frame.number": "6176", + "frame.len": "513", 
+ "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004cfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006a0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54444", + "udp.port": "53", + "udp.port": "54444", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "dns": { + "dns.response_to": "6175", + "dns.time": "0.026030000", + "dns.id": "0x00000491", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8813", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": 
"1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3296", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6016", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6518", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2701", + "dns.resp.len": "4", + "dns.a": "96.17.70.190" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3609", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7358", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3156", + "dns.resp.len": "4", + "dns.a": "184.51.200.166" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5219", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "3992", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.624384000", + "frame.time_delta": "0.266457000", + "frame.time_delta_displayed": "629.851452000", + "frame.time_relative": "5489.219180000", + "frame.number": "6744", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f988", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "37292", + "udp.dstport": "53", + "udp.port": "37292", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002eff", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "dns": { + "dns.response_in": "6745", + "dns.id": "0x00000492", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.626468000", + "frame.time_delta": "0.002084000", + "frame.time_delta_displayed": "0.002084000", + "frame.time_relative": "5489.221264000", + "frame.number": "6745", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00003f71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000790f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37292", + "udp.port": "53", + "udp.port": "37292", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "dns": { + "dns.response_to": "6744", + "dns.time": "0.002084000", + "dns.id": "0x00000492", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + 
"dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.627301000", + "frame.time_delta": "0.000833000", + "frame.time_delta_displayed": "0.000833000", + "frame.time_relative": "5489.222097000", + "frame.number": "6746", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f987", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54874", + "udp.dstport": "53", + "udp.port": "54874", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000550", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.response_in": "6747", + "dns.id": "0x00000493", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.628812000", + "frame.time_delta": "0.001511000", + "frame.time_delta_displayed": "0.001511000", + "frame.time_relative": "5489.223608000", + "frame.number": "6747", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00003f72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000787a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54874", + "udp.port": "53", + "udp.port": "54874", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.response_to": "6746", + "dns.time": "0.001511000", + "dns.id": "0x00000493", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type 
A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2985", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171575", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171575", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171575", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1386", + "dns.resp.len": "16", + 
"dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "61552", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "61552", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.044352000", + "frame.time_delta": "0.001668000", + "frame.time_delta_displayed": "0.415540000", + "frame.time_relative": "5489.639148000", + "frame.number": "6763", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf41", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f978", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55176", + "udp.dstport": "53", + "udp.port": "55176", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e920", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "dns": { + "dns.response_in": "6764", + "dns.id": "0x00000494", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.044953000", + "frame.time_delta": "0.000601000", + "frame.time_delta_displayed": "0.000601000", + "frame.time_relative": "5489.639749000", + "frame.number": "6764", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00003f96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007924", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55176", + "udp.port": "53", + "udp.port": "55176", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "dns": { + "dns.response_to": "6763", + "dns.time": "0.000601000", + "dns.id": "0x00000494", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.045769000", + "frame.time_delta": "0.000816000", + "frame.time_delta_displayed": "0.000816000", + "frame.time_relative": "5489.640565000", + "frame.number": "6765", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f977", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60660", + "udp.dstport": "53", + "udp.port": "60660", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000eeb3", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "dns": { + "dns.response_in": "6766", + "dns.id": "0x00000495", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.046379000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "5489.641175000", + "frame.number": "6766", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00003f97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007913", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60660", + "udp.port": "53", + "udp.port": "60660", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "dns": { + "dns.response_to": "6765", + "dns.time": "0.000610000", + "dns.id": "0x00000495", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, 
class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2984", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463471.778249000", + "frame.time_delta": "3.324074000", + "frame.time_delta_displayed": "269.731870000", + "frame.time_relative": "5759.373045000", + "frame.number": "7048", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00001dd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ae6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "36809", + "udp.dstport": "53", + "udp.port": "36809", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c958", + "udp.checksum.status": "2", + "udp.stream": "113" + }, + "dns": { + "dns.response_in": "7049", + "dns.id": "0x00000496", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463471.799436000", + "frame.time_delta": "0.021187000", + "frame.time_delta_displayed": "0.021187000", + "frame.time_relative": "5759.394232000", + "frame.number": "7049", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000431d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000073eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "36809", + "udp.port": "53", + "udp.port": "36809", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "113" + }, + "dns": { + "dns.response_to": "7048", + "dns.time": "0.021187000", + "dns.id": "0x00000496", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + 
"dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7913", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + 
"dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2396", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5116", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"5618", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1801", + "dns.resp.len": "4", + "dns.a": "96.17.70.190" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2709", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6458", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2256", + "dns.resp.len": "4", + "dns.a": "184.51.200.166" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4319", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3092", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508464371.807701000", + "frame.time_delta": "0.379478000", + "frame.time_delta_displayed": "900.008265000", + "frame.time_relative": "6659.402497000", + 
"frame.number": "7913", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00009e02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001abb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47598", + "udp.dstport": "53", + "udp.port": "47598", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009f32", + "udp.checksum.status": "2", + "udp.stream": "123" + }, + "dns": { + "dns.response_in": "7914", + "dns.id": "0x00000497", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": 
"1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508464371.814443000", + "frame.time_delta": "0.006742000", + "frame.time_delta_displayed": "0.006742000", + "frame.time_relative": "6659.409239000", + "frame.number": "7914", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x0000e205", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d530", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + 
"ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47598", + "udp.port": "53", + "udp.port": "47598", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "123" + }, + "dns": { + "dns.response_to": "7913", + "dns.time": "0.006742000", + "dns.id": "0x00000497", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8611", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3797", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "338", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3114", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3177", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5586", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "141", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": { + "dns.resp.name": 
"n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3720", + "dns.resp.len": "4", + "dns.a": "173.197.192.234" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3824", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508465271.823654000", + "frame.time_delta": "3.748666000", + "frame.time_delta_displayed": "900.009211000", + "frame.time_relative": "7559.418450000", + "frame.number": "8671", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000e910", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cfac", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33804", + "udp.dstport": "53", + "udp.port": "33804", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d513", + "udp.checksum.status": "2", + "udp.stream": "132" + }, + "dns": { + "dns.response_in": "8672", + "dns.id": "0x00000498", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508465271.884431000", + "frame.time_delta": "0.060777000", + "frame.time_delta_displayed": "0.060777000", + "frame.time_relative": "7559.479227000", + "frame.number": "8672", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004cdb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006a2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33804", + "udp.port": "53", + "udp.port": "33804", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "132" + }, + "dns": { + "dns.response_to": "8671", + "dns.time": "0.060777000", + "dns.id": "0x00000498", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": 
"3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6113", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "596", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3316", + "dns.resp.len": "4", + "dns.a": 
"184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3818", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1", + "dns.resp.len": "4", + "dns.a": "96.17.70.190" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "909", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4658", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "456", + "dns.resp.len": "4", + "dns.a": "184.51.200.166" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2519", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1292", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508466171.895282000", + "frame.time_delta": "7.109343000", + "frame.time_delta_displayed": "900.010851000", + "frame.time_relative": "8459.490078000", + "frame.number": "9475", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ffbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b900", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33283", + "udp.dstport": "53", + "udp.port": "33283", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d71b", + "udp.checksum.status": "2", + "udp.stream": "144" + }, + "dns": { + "dns.response_in": "9476", + "dns.id": "0x00000499", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466171.906565000", + "frame.time_delta": "0.011283000", + "frame.time_delta_displayed": "0.011283000", + "frame.time_relative": "8459.501361000", + "frame.number": "9476", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000a915", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000df3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33283", + "udp.port": "53", + "udp.port": "33283", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "144" + }, + "dns": { + "dns.response_to": "9475", + "dns.time": "0.011283000", + "dns.id": "0x00000499", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6811", + "dns.resp.len": "22", + "dns.cname": 
"e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1997", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6539", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1314", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1377", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "3786", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6342", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1920", + "dns.resp.len": "4", + "dns.a": "173.197.192.234" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2024", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4475", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.239450000", + "frame.time_delta": "4.788057000", + "frame.time_delta_displayed": "630.332885000", + "frame.time_relative": "9089.834246000", + "frame.number": "10050", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000751c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000439e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51418", + "udp.dstport": "53", + "udp.port": "51418", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f7c8", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "dns": { + "dns.response_in": "10051", + "dns.id": "0x0000049a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.241425000", + "frame.time_delta": "0.001975000", + "frame.time_delta_displayed": "0.001975000", + "frame.time_relative": "9089.836221000", + "frame.number": "10051", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x000030bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000087c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51418", + "udp.port": "53", + "udp.port": "51418", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "dns": { + 
"dns.response_to": "10050", + "dns.time": "0.001975000", + "dns.id": "0x0000049a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.242432000", + "frame.time_delta": "0.001007000", + "frame.time_delta_displayed": "0.001007000", + "frame.time_relative": "9089.837228000", + "frame.number": "10052", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000751d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000439d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60729", + "udp.dstport": "53", + "udp.port": "60729", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ee68", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "dns": { + "dns.response_in": "10053", + "dns.id": "0x0000049b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.244090000", + "frame.time_delta": "0.001658000", + "frame.time_delta_displayed": "0.001658000", + "frame.time_relative": "9089.838886000", + "frame.number": "10053", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x000030c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000872c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + 
"udp.dstport": "60729", + "udp.port": "53", + "udp.port": "60729", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "dns": { + "dns.response_to": "10052", + "dns.time": "0.001658000", + "dns.id": "0x0000049b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + 
}, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "147808", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172526", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172526", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151427", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144000", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144000", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.660387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.660387000", + "frame.time_delta": "0.001051000", + "frame.time_delta_displayed": 
"0.416297000", + "frame.time_relative": "9090.255183000", + "frame.number": "10069", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007547", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004373", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "46220", + "udp.dstport": "53", + "udp.port": "46220", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000c15", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.response_in": "10070", + "dns.id": "0x0000049c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": 
"0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.660954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.660954000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": "0.000567000", + "frame.time_relative": "9090.255750000", + "frame.number": "10070", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000030d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000087e4", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "46220", + "udp.port": "53", + "udp.port": "46220", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.response_to": "10069", + "dns.time": "0.000567000", + "dns.id": "0x0000049c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.661749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.661749000", + "frame.time_delta": "0.000795000", + "frame.time_delta_displayed": "0.000795000", + "frame.time_relative": "9090.256545000", + "frame.number": "10071", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007548", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004372", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51255", + "udp.dstport": "53", + "udp.port": "51255", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001369", + "udp.checksum.status": "2", + "udp.stream": "154" + }, + "dns": { + "dns.response_in": "10072", + "dns.id": "0x0000049d", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.662301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.662301000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "9090.257097000", + "frame.number": "10072", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000030d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000087d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": 
"51255", + "udp.port": "53", + "udp.port": "51255", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "154" + }, + "dns": { + "dns.response_to": "10071", + "dns.time": "0.000552000", + "dns.id": "0x0000049d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:37:51.914199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467071.914199000", + "frame.time_delta": "0.065381000", + "frame.time_delta_displayed": "269.251898000", + "frame.time_relative": "9359.508995000", + "frame.number": "10287", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000089fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002ec0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41837", + "udp.dstport": "53", + "udp.port": "41837", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b5ac", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "dns": { + "dns.response_in": "10288", + "dns.id": "0x0000049e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": 
"packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:37:51.978100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467071.978100000", + "frame.time_delta": "0.063901000", + "frame.time_delta_displayed": "0.063901000", + "frame.time_relative": "9359.572896000", + "frame.number": "10288", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00008e7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000288b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41837", + "udp.port": "53", + "udp.port": "41837", + "udp.length": 
"479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "dns": { + "dns.response_to": "10287", + "dns.time": "0.063901000", + "dns.id": "0x0000049e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "117", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4313", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": 
"173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + 
"dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1516", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2018", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2202", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5110", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2858", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2660", + 
"dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "719", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5496", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:52:51.985173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467971.985173000", + "frame.time_delta": "0.373714000", + "frame.time_delta_displayed": "900.007073000", + "frame.time_relative": "10259.579969000", + "frame.number": "11065", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000b24b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000672", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33682", + "udp.dstport": "53", + "udp.port": "33682", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d586", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "dns": { + "dns.response_in": "11066", + "dns.id": "0x0000049f", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:52:52.048951000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467972.048951000", + "frame.time_delta": "0.063778000", + "frame.time_delta_displayed": "0.063778000", + "frame.time_relative": "10259.643747000", + "frame.number": "11066", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00008dbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002949", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33682", + "udp.port": "53", + "udp.port": "33682", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "dns": { + "dns.response_to": "11065", + "dns.time": "0.063778000", + "dns.id": "0x0000049f", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + 
"Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "117", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3413", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1898", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + 
"dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "615", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1117", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1301", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4209", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1957", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1759", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5819", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4595", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:07:52.060309000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508468872.060309000", + "frame.time_delta": "0.486449000", + "frame.time_delta_displayed": "900.011358000", + "frame.time_relative": "11159.655105000", + "frame.number": "11855", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000fdee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bace", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49312", + "udp.dstport": "53", + "udp.port": "49312", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009877", + 
"udp.checksum.status": "2", + "udp.stream": "171" + }, + "dns": { + "dns.response_in": "11856", + "dns.id": "0x000004a0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:07:52.067203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508468872.067203000", + "frame.time_delta": "0.006894000", + "frame.time_delta_displayed": "0.006894000", + "frame.time_relative": "11159.661999000", + "frame.number": "11856", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "453", + "ip.id": "0x0000b190", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000005a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49312", + "udp.port": "53", + "udp.port": "49312", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "171" + }, + "dns": { + "dns.response_to": "11855", + "dns.time": "0.006894000", + "dns.id": "0x000004a0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "141", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + 
"dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4110", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, 
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3838", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6614", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2677", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1085", + "dns.resp.len": "4", + "dns.a": 
"173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3641", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5325", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:22:52.076126000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508469772.076126000", + "frame.time_delta": "0.590869000", + "frame.time_delta_displayed": "900.008923000", + "frame.time_relative": "12059.670922000", + "frame.number": "12657", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000a2db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000015e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53703", + "udp.dstport": "53", + "udp.port": "53703", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000874f", + "udp.checksum.status": "2", + "udp.stream": "177" + }, + "dns": { + "dns.response_in": "12658", + "dns.id": "0x000004a1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:22:52.112051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508469772.112051000", + "frame.time_delta": "0.035925000", + "frame.time_delta_displayed": "0.035925000", + "frame.time_relative": "12059.706847000", + "frame.number": "12658", + "frame.len": "513", + 
"frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000ccc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53703", + "udp.port": "53", + "udp.port": "53703", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "177" + }, + "dns": { + "dns.response_to": "12657", + "dns.time": "0.035925000", + "dns.id": "0x000004a1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1612", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "98", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6816", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7318", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3503", + "dns.resp.len": "4", + "dns.a": "198.172.88.200" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2409", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "157", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3960", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4019", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "2795", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.842206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.842206000", + "frame.time_delta": "0.384116000", + "frame.time_delta_displayed": "630.730155000", + "frame.time_relative": "12690.437002000", + "frame.number": "13303", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44754", + "udp.dstport": "53", + "udp.port": "44754", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000011c9", + "udp.checksum.status": "2", + "udp.stream": "184" + }, + "dns": { + "dns.response_in": "13304", + "dns.id": "0x000004a2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.844183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.844183000", + "frame.time_delta": "0.001977000", + "frame.time_delta_displayed": "0.001977000", + "frame.time_relative": "12690.438979000", + "frame.number": "13304", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00000246", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b63a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44754", + "udp.port": "53", + "udp.port": "44754", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "184" + }, + "dns": { + "dns.response_to": "13303", + "dns.time": "0.001977000", + "dns.id": "0x000004a2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "3219", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.846468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.846468000", + "frame.time_delta": "0.002285000", + "frame.time_delta_displayed": "0.002285000", + "frame.time_relative": "12690.441264000", + "frame.number": "13305", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35982", + "udp.dstport": "53", + "udp.port": "35982", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00004f0c", + "udp.checksum.status": "2", + "udp.stream": "185" + }, + "dns": { + "dns.response_in": "13306", + "dns.id": "0x000004a3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.848081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.848081000", + "frame.time_delta": "0.001613000", + "frame.time_delta_displayed": "0.001613000", + "frame.time_relative": "12690.442877000", + "frame.number": "13306", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00000247", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35982", + "udp.port": "53", + "udp.port": "35982", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "185" + }, + "dns": { + "dns.response_to": "13305", + "dns.time": "0.001613000", + "dns.id": "0x000004a3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + 
"dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3161", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "645", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "645", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "645", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "856", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "164374", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "164374", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2117", + 
"dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "54351", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "54351", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.264573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.264573000", + "frame.time_delta": "0.001337000", + "frame.time_delta_displayed": "0.416492000", + "frame.time_relative": "12690.859369000", + "frame.number": "13322", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd71", 
+ "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56095", + "udp.dstport": "53", + "udp.port": "56095", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e579", + "udp.checksum.status": "2", + "udp.stream": "186" + }, + "dns": { + "dns.response_in": "13323", + "dns.id": "0x000004a4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.265148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.265148000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "12690.859944000", + "frame.number": "13323", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", 
+ "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000026e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b64c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "56095", + "udp.port": "53", + "udp.port": "56095", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "186" + }, + "dns": { + "dns.response_to": "13322", + "dns.time": "0.000575000", + "dns.id": "0x000004a4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.266041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.266041000", + "frame.time_delta": "0.000893000", + "frame.time_delta_displayed": "0.000893000", + "frame.time_relative": "12690.860837000", + "frame.number": "13324", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41786", + "udp.dstport": "53", + "udp.port": "41786", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000385e", + "udp.checksum.status": "2", + "udp.stream": "187" + }, + "dns": { + "dns.response_in": "13325", + "dns.id": "0x000004a5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.266579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.266579000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "12690.861375000", + "frame.number": "13325", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000026f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b63b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41786", + "udp.port": "53", + "udp.port": "41786", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "187" + }, + "dns": { + "dns.response_to": "13324", + "dns.time": "0.000538000", + "dns.id": "0x000004a5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type 
A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3160", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:37:52.120059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470672.120059000", + "frame.time_delta": "0.625668000", + "frame.time_delta_displayed": "268.853480000", + "frame.time_relative": "12959.714855000", + "frame.number": "13582", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00002649", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009274", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54738", + "udp.dstport": "53", + "udp.port": "54738", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000833f", + "udp.checksum.status": "2", + "udp.stream": "188" + }, + "dns": { + "dns.response_in": "13583", + "dns.id": "0x000004a6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:37:52.140960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470672.140960000", + "frame.time_delta": "0.020901000", + "frame.time_delta_displayed": "0.020901000", + "frame.time_relative": "12959.735756000", + "frame.number": "13583", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004310", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000073f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54738", + "udp.port": "53", + "udp.port": "54738", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "188" + }, + "dns": { + "dns.response_to": "13582", + "dns.time": "0.020901000", + "dns.id": "0x000004a6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + 
"dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "712", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"889", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3199", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5916", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "6418", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2603", + "dns.resp.len": "4", + "dns.a": "198.172.88.200" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1509", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7258", + "dns.resp.len": "4", + "dns.a": "198.172.88.206" + }, + "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3060", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3119", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1895", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:52:52.147811000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508471572.147811000", + "frame.time_delta": "0.719415000", + "frame.time_delta_displayed": "900.006851000", + "frame.time_relative": 
"13859.742607000", + "frame.number": "14361", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000e5bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55123", + "udp.dstport": "53", + "udp.port": "55123", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000081bd", + "udp.checksum.status": "2", + "udp.stream": "197" + }, + "dns": { + "dns.response_in": "14362", + "dns.id": "0x000004a7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, 
+ "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:52:52.212985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508471572.212985000", + "frame.time_delta": "0.065174000", + "frame.time_delta_displayed": "0.065174000", + "frame.time_relative": "13859.807781000", + "frame.number": "14362", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00004fa4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006792", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": 
"192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55123", + "udp.port": "53", + "udp.port": "55123", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "197" + }, + "dns": { + "dns.response_to": "14361", + "dns.time": "0.065174000", + "dns.id": "0x000004a7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "117", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21417", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2299", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5016", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5518", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1703", + "dns.resp.len": "4", + "dns.a": "198.172.88.200" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "609", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6358", + "dns.resp.len": "4", + "dns.a": "198.172.88.206" + }, + "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + 
"dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2160", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2219", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:07:52.219360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508472472.219360000", + "frame.time_delta": "0.606095000", + "frame.time_delta_displayed": "900.006375000", + "frame.time_relative": "14759.814156000", + "frame.number": "15111", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000c5af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000f30d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44889", + "udp.dstport": "53", + "udp.port": "44889", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a9b6", + "udp.checksum.status": "2", + "udp.stream": "205" + }, + "dns": { + "dns.response_in": "15112", + "dns.id": "0x000004a8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:07:52.306389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508472472.306389000", + "frame.time_delta": "0.087029000", + "frame.time_delta_displayed": "0.087029000", + "frame.time_relative": "14759.901185000", + "frame.number": "15112", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000a365", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000013a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44889", + "udp.port": "53", + "udp.port": "44889", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "205" + }, + "dns": { + "dns.response_to": "15111", + "dns.time": "0.087029000", + "dns.id": "0x000004a8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + 
"dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "510", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": 
"n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3699", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "238", + 
"dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3014", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3078", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3486", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "41", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3621", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1725", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4177", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 
21:22:52.395472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508473372.395472000", + "frame.time_delta": "3.711619000", + "frame.time_delta_displayed": "900.089083000", + "frame.time_relative": "15659.990268000", + "frame.number": "15884", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000043a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007517", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53892", + "udp.dstport": "53", + "udp.port": "53892", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000868a", + "udp.checksum.status": "2", + "udp.stream": "212" + }, + "dns": { + "dns.response_in": "15885", + "dns.id": "0x000004a9", + 
"dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:22:52.423942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508473372.423942000", + "frame.time_delta": "0.028470000", + "frame.time_delta_displayed": "0.028470000", + "frame.time_relative": "15660.018738000", + "frame.number": "15885", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000f1a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c566", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53892", + "udp.port": "53", + "udp.port": "53892", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "212" + }, + "dns": { + "dns.response_to": "15884", + "dns.time": "0.028470000", + "dns.id": "0x000004a9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "21258", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7339", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2114", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2178", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": 
"n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2586", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7142", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2721", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "825", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3277", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.396307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.396307000", + "frame.time_delta": "4.678140000", + "frame.time_delta_displayed": "630.972365000", + "frame.time_relative": "16290.991103000", + "frame.number": "16442", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000221a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37663", + "udp.dstport": "53", + "udp.port": "37663", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002d74", + "udp.checksum.status": "2", + "udp.stream": "215" + }, + "dns": { + "dns.response_in": "16443", + "dns.id": "0x000004aa", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.398249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.398249000", + "frame.time_delta": "0.001942000", + "frame.time_delta_displayed": "0.001942000", + "frame.time_relative": "16290.993045000", + "frame.number": "16443", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00008616", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000326a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37663", + "udp.port": "53", + "udp.port": "37663", + "udp.length": "103", + "udp.checksum": 
"0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "215" + }, + "dns": { + "dns.response_to": "16442", + "dns.time": "0.001942000", + "dns.id": "0x000004aa", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.399079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.399079000", + "frame.time_delta": "0.000830000", + "frame.time_delta_displayed": "0.000830000", + "frame.time_relative": "16290.993875000", + "frame.number": "16444", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002219", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33353", + "udp.dstport": "53", + "udp.port": "33353", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00005949", + "udp.checksum.status": "2", + "udp.stream": "216" + }, + "dns": { + "dns.response_in": "16445", + "dns.id": "0x000004ab", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": 
"dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.400649000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.400649000", + "frame.time_delta": "0.001570000", + "frame.time_delta_displayed": "0.001570000", + "frame.time_relative": "16290.995445000", + "frame.number": "16445", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00008617", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33353", + "udp.port": "53", + "udp.port": "33353", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "216" + }, + "dns": { + "dns.response_to": "16444", + "dns.time": "0.001570000", + "dns.id": "0x000004ab", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "140607", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165325", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165325", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144226", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "136799", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "136799", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.818793000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1508474003.818793000", + "frame.time_delta": "0.002460000", + "frame.time_delta_displayed": "0.418144000", + "frame.time_relative": "16291.413589000", + "frame.number": "16461", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52555", + "udp.dstport": "53", + "udp.port": "52555", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f345", + "udp.checksum.status": "2", + "udp.stream": "217" + }, + "dns": { + "dns.response_in": "16462", + "dns.id": "0x000004ac", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.819379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.819379000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "16291.414175000", + "frame.number": "16462", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000861c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000329e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "52555", + "udp.port": "53", + "udp.port": "52555", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "217" + }, + "dns": { + "dns.response_to": "16461", + "dns.time": "0.000586000", + "dns.id": "0x000004ac", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.820220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.820220000", + "frame.time_delta": "0.000841000", + "frame.time_delta_displayed": "0.000841000", + "frame.time_relative": "16291.415016000", + "frame.number": "16463", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58656", + "udp.dstport": "53", + "udp.port": "58656", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f66f", + "udp.checksum.status": "2", + "udp.stream": "218" + }, + "dns": { + "dns.response_in": "16464", + "dns.id": "0x000004ad", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.820779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.820779000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "16291.415575000", + "frame.number": "16464", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000861d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000328d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58656", + "udp.port": "53", + "udp.port": "58656", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "218" + }, + "dns": { + "dns.response_to": "16463", + "dns.time": "0.000559000", + "dns.id": "0x000004ad", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:37:52.430247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474272.430247000", + "frame.time_delta": "3.692969000", + "frame.time_delta_displayed": "268.609468000", + "frame.time_relative": "16560.025043000", + "frame.number": "16697", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000e609", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47128", + "udp.dstport": "53", + "udp.port": "47128", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a0f1", + "udp.checksum.status": "2", + "udp.stream": "221" + }, + "dns": { + "dns.response_in": "16698", + "dns.id": "0x000004ae", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": 
"www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:37:52.445842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474272.445842000", + "frame.time_delta": "0.015595000", + "frame.time_delta_displayed": "0.015595000", + "frame.time_relative": "16560.040638000", + "frame.number": "16698", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000be56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f8b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47128", + "udp.port": "53", + "udp.port": "47128", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "221" + }, + "dns": { + "dns.response_to": "16697", + "dns.time": "0.015595000", + "dns.id": "0x000004ae", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20358", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + 
"dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, 
class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1899", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6439", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1214", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1278", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1686", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6242", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + 
"n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1821", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5927", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2377", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:52:52.450308000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508475172.450308000", + "frame.time_delta": "6.313074000", + "frame.time_delta_displayed": "900.004466000", + "frame.time_relative": "17460.045104000", + "frame.number": "17472", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00002b9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58502", + "udp.dstport": "53", + "udp.port": "58502", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007482", + "udp.checksum.status": "2", + "udp.stream": "229" + }, + "dns": { + "dns.response_in": "17473", + "dns.id": "0x000004af", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:52:52.456608000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508475172.456608000", + "frame.time_delta": "0.006300000", + "frame.time_delta_displayed": "0.006300000", + "frame.time_relative": "17460.051404000", + "frame.number": "17473", + "frame.len": "513", + 
"frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000011ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a55b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58502", + "udp.port": "53", + "udp.port": "58502", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "229" + }, + "dns": { + "dns.response_to": "17472", + "dns.time": "0.006300000", + "dns.id": "0x000004af", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "19458", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "999", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5539", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "314", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "378", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "786", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5342", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "921", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5027", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "1477", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:07:52.464775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476072.464775000", + "frame.time_delta": "4.206559000", + "frame.time_delta_displayed": "900.008167000", + "frame.time_relative": "18360.059571000", + "frame.number": "18263", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00005c8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005c33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58930", + "udp.dstport": "53", + "udp.port": "58930", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000072d5", + "udp.checksum.status": "2", + "udp.stream": "235" + }, + "dns": { + "dns.response_in": "18264", + "dns.id": "0x000004b0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:07:52.473763000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476072.473763000", + "frame.time_delta": "0.008988000", + "frame.time_delta_displayed": "0.008988000", + "frame.time_relative": "18360.068559000", + "frame.number": "18264", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000052f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006411", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58930", + "udp.port": "53", + "udp.port": "58930", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "235" + }, + "dns": { + "dns.response_to": "18263", + "dns.time": "0.008988000", + "dns.id": "0x000004b0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "18558", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns 
n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "99", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4639", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7415", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type 
A, class IN, addr 173.223.52.129": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3479", + "dns.resp.len": "4", + "dns.a": "173.223.52.129" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5887", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4442", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4127", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "577", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:22:52.482011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476972.482011000", + "frame.time_delta": "2.079982000", + "frame.time_delta_displayed": "900.008248000", + "frame.time_relative": "19260.076807000", + "frame.number": "19082", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00007f92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000392b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "48250", + "udp.dstport": "53", + "udp.port": "48250", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009c8c", + "udp.checksum.status": "2", + "udp.stream": "242" + }, + "dns": { + "dns.response_in": "19083", + "dns.id": "0x000004b1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + 
"Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:22:52.488375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476972.488375000", + "frame.time_delta": "0.006364000", + "frame.time_delta_displayed": "0.006364000", + "frame.time_relative": "19260.083171000", + "frame.number": "19083", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000024f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009213", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "48250", + "udp.port": "53", + "udp.port": "48250", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "242" + }, + "dns": { + "dns.response_to": "19082", + "dns.time": "0.006364000", + "dns.id": "0x000004b1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "17658", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": 
"173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + 
"dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3200", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3739", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6515", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2579", + "dns.resp.len": "4", + "dns.a": "173.223.52.129" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4987", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"3542", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3122", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3227", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5678", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:21.968209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.968209000", + "frame.time_delta": "2.368838000", + "frame.time_delta_displayed": "629.479834000", + "frame.time_relative": "19889.563005000", + "frame.number": "19759", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007011", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "48476", + "udp.dstport": "53", + "udp.port": "48476", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000032f", + "udp.checksum.status": "2", + "udp.stream": "248" + }, + "dns": { + "dns.response_in": "19760", + "dns.id": "0x000004b2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:21.970113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.970113000", + "frame.time_delta": "0.001904000", + "frame.time_delta_displayed": "0.001904000", + 
"frame.time_relative": "19889.564909000", + "frame.number": "19760", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00006934", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "48476", + "udp.port": "53", + "udp.port": "48476", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "248" + }, + "dns": { + "dns.response_to": "19759", + "dns.time": "0.001904000", + "dns.id": "0x000004b2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", 
+ "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:21.971590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.971590000", + "frame.time_delta": "0.001477000", + "frame.time_delta_displayed": "0.001477000", + "frame.time_relative": "19889.566386000", + "frame.number": "19761", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007010", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60103", + "udp.dstport": "53", + "udp.port": "60103", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f0c2", + "udp.checksum.status": "2", + "udp.stream": "249" + }, + "dns": { + "dns.response_in": "19762", + "dns.id": "0x000004b3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 
22:33:21.973429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.973429000", + "frame.time_delta": "0.001839000", + "frame.time_delta_displayed": "0.001839000", + "frame.time_relative": "19889.568225000", + "frame.number": "19762", + "frame.len": "269", + "frame.cap_len": "269", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "255", + "ip.id": "0x00006935", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004ec7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60103", + "udp.port": "53", + "udp.port": "60103", + "udp.length": "235", + "udp.checksum": "0x000082ee", + "udp.checksum.status": "2", + "udp.stream": "249" + }, + "dns": { + "dns.response_to": "19761", + "dns.time": "0.001839000", 
+ "dns.id": "0x000004b3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "5", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "157175", + "dns.resp.len": "4", + 
"dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "157175", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2218", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "47152", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "47152", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.393601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.393601000", + "frame.time_delta": "0.000661000", + "frame.time_delta_displayed": "0.420172000", + "frame.time_relative": "19889.988397000", + "frame.number": "19778", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006ff1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58716", + "udp.dstport": "53", + "udp.port": "58716", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000db2c", + "udp.checksum.status": "2", + "udp.stream": "250" + }, + "dns": { + "dns.response_in": "19779", + "dns.id": "0x000004b4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.394208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.394208000", + "frame.time_delta": "0.000607000", + "frame.time_delta_displayed": "0.000607000", + "frame.time_relative": "19889.989004000", + "frame.number": "19779", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00006951", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58716", + "udp.port": "53", + "udp.port": "58716", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": 
"250" + }, + "dns": { + "dns.response_to": "19778", + "dns.time": "0.000607000", + "dns.id": "0x000004b4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.395034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.395034000", + "frame.time_delta": "0.000826000", + "frame.time_delta_displayed": "0.000826000", + "frame.time_relative": "19889.989830000", + "frame.number": "19780", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006ff0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58570", + "udp.dstport": "53", + "udp.port": "58570", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f6bd", + "udp.checksum.status": "2", + "udp.stream": "251" + }, + "dns": { + "dns.response_in": "19781", + "dns.id": "0x000004b5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.395453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.395453000", + "frame.time_delta": "0.000419000", + "frame.time_delta_displayed": "0.000419000", + "frame.time_relative": "19889.990249000", + "frame.number": 
"19781", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00006952", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58570", + "udp.port": "53", + "udp.port": "58570", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "251" + }, + "dns": { + "dns.response_to": "19780", + "dns.time": "0.000419000", + "dns.id": "0x000004b5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + 
"dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:37:52.496004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477872.496004000", + "frame.time_delta": "7.655864000", + "frame.time_delta_displayed": "270.100551000", + "frame.time_relative": "20160.090800000", + "frame.number": "20012", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00007136", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004787", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57235", + "udp.dstport": "53", + "udp.port": "57235", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000796e", + "udp.checksum.status": "2", + "udp.stream": "252" + }, + "dns": { + "dns.response_in": "20013", + "dns.id": "0x000004b6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:37:52.557890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477872.557890000", + "frame.time_delta": "0.061886000", + "frame.time_delta_displayed": "0.061886000", + "frame.time_relative": "20160.152686000", + "frame.number": "20013", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00007974", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003dc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57235", + "udp.port": "53", + "udp.port": "57235", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "252" + }, + "dns": { + "dns.response_to": "20012", + "dns.time": "0.061886000", + "dns.id": "0x000004b6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + 
"dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "118", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15117", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"690", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "6717", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7220", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3405", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "311", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58", + "dns.resp.len": "4", + "dns.a": "198.172.88.206" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3867", + "dns.resp.len": "4", + "dns.a": "173.223.52.69" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1920", + "dns.resp.len": "4", + "dns.a": "198.172.88.204" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:52:52.564075000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508478772.564075000", + "frame.time_delta": "2.198143000", + "frame.time_delta_displayed": "900.006185000", + "frame.time_relative": "21060.158871000", + 
"frame.number": "20790", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000cae0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eddc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43240", + "udp.dstport": "53", + "udp.port": "43240", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b018", + "udp.checksum.status": "2", + "udp.stream": "258" + }, + "dns": { + "dns.response_in": "20791", + "dns.id": "0x000004b7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:52:52.600980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508478772.600980000", + "frame.time_delta": "0.036905000", + "frame.time_delta_displayed": "0.036905000", + "frame.time_relative": "21060.195776000", + "frame.number": "20791", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00009731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002005", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": 
"192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43240", + "udp.port": "53", + "udp.port": "43240", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "258" + }, + "dns": { + "dns.response_to": "20790", + "dns.time": "0.036905000", + "dns.id": "0x000004b7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "118", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14217", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3106", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5817", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6320", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2505", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5412", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7161", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { + "dns.resp.name": 
"n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2967", + "dns.resp.len": "4", + "dns.a": "173.223.52.69" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1020", + "dns.resp.len": "4", + "dns.a": "198.172.88.204" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:07:52.606357000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508479672.606357000", + "frame.time_delta": "1.385883000", + "frame.time_delta_displayed": "900.005377000", + "frame.time_relative": "21960.201153000", + "frame.number": "21562", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00004d98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006b25", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53213", + "udp.dstport": "53", + "udp.port": "53213", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00008922", + "udp.checksum.status": "2", + "udp.stream": "264" + }, + "dns": { + "dns.response_in": "21563", + "dns.id": "0x000004b8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:07:52.617193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508479672.617193000", + "frame.time_delta": "0.010836000", + "frame.time_delta_displayed": "0.010836000", + "frame.time_relative": "21960.211989000", + "frame.number": "21563", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", 
+ "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000db65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dba2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53213", + "udp.port": "53", + "udp.port": "53213", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "264" + }, + "dns": { + "dns.response_to": "21562", + "dns.time": "0.010836000", + "dns.id": "0x000004b8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": 
"3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "118", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13317", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2206", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4917", + "dns.resp.len": "4", + "dns.a": 
"23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5420", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1605", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4512", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6261", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2067", + "dns.resp.len": "4", + "dns.a": "173.223.52.69" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "198.172.88.204" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5890", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:22:52.625699000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508480572.625699000", + "frame.time_delta": "4.403118000", + "frame.time_delta_displayed": "900.008506000", + "frame.time_relative": "22860.220495000", + "frame.number": "22346", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00005937", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33001", + "udp.dstport": "53", + "udp.port": "33001", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d815", + "udp.checksum.status": "2", + "udp.stream": "268" + }, + "dns": { + "dns.response_in": "22347", + "dns.id": "0x000004b9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:22:52.650694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508480572.650694000", + "frame.time_delta": "0.024995000", + "frame.time_delta_displayed": "0.024995000", + "frame.time_relative": "22860.245490000", + "frame.number": "22347", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000d12d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e5da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33001", + "udp.port": "53", + "udp.port": "33001", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "268" + }, + "dns": { + "dns.response_to": "22346", + "dns.time": "0.024995000", + "dns.id": "0x000004b9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14058", + "dns.resp.len": "22", + "dns.cname": 
"e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3601", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "139", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2915", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2980", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "1387", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7943", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3523", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5628", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2078", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.664730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.664730000", + "frame.time_delta": "2.566341000", + "frame.time_delta_displayed": "630.014036000", + "frame.time_relative": "23490.259526000", + "frame.number": "22859", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58340", + "udp.dstport": "53", + "udp.port": "58340", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000dc9e", + "udp.checksum.status": "2", + "udp.stream": "271" + }, + "dns": { + "dns.response_in": "22860", + "dns.id": "0x000004ba", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.666597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.666597000", + "frame.time_delta": "0.001867000", + "frame.time_delta_displayed": "0.001867000", + "frame.time_relative": "23490.261393000", + "frame.number": "22860", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00008ce9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002b97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58340", + "udp.port": "53", + "udp.port": "58340", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "271" + }, + "dns": { + 
"dns.response_to": "22859", + "dns.time": "0.001867000", + "dns.id": "0x000004ba", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.667494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.667494000", + "frame.time_delta": "0.000897000", + "frame.time_delta_displayed": "0.000897000", + "frame.time_relative": "23490.262290000", + "frame.number": "22861", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52564", + "udp.dstport": "53", + "udp.port": "52564", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000e2e", + "udp.checksum.status": "2", + "udp.stream": "272" + }, + "dns": { + "dns.response_in": "22862", + "dns.id": "0x000004bb", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + 
"dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.669032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.669032000", + "frame.time_delta": "0.001538000", + "frame.time_delta_displayed": "0.001538000", + "frame.time_relative": "23490.263828000", + "frame.number": "22862", + "frame.len": "269", + "frame.cap_len": "269", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "255", + "ip.id": "0x00008cea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002b12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "53", + "udp.dstport": "52564", + "udp.port": "53", + "udp.port": "52564", + "udp.length": "235", + "udp.checksum": "0x000082ee", + "udp.checksum.status": "2", + "udp.stream": "272" + }, + "dns": { + "dns.response_to": "22861", + "dns.time": "0.001538000", + "dns.id": "0x000004bb", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "5", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "688", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "688", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "688", + "dns.resp.len": "6", + "dns.ns": 
"ns2.ext.philips.com" + } + }, + "Additional records": { + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "153574", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "153574", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171829", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "43551", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "43551", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.087037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.087037000", + "frame.time_delta": "0.001271000", + "frame.time_delta_displayed": "0.418005000", + "frame.time_relative": "23490.681833000", + "frame.number": "22878", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37188", + "udp.dstport": "53", + "udp.port": "37188", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002f3d", + "udp.checksum.status": "2", + "udp.stream": "273" + }, + "dns": { + "dns.response_in": "22879", + "dns.id": "0x000004bc", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type 
AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.087591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.087591000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "23490.682387000", + "frame.number": "22879", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00008d00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002bba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37188", + "udp.port": "53", + "udp.port": "37188", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "273" + }, + "dns": { + "dns.response_to": "22878", + "dns.time": "0.000554000", + "dns.id": "0x000004bc", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.088490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.088490000", + "frame.time_delta": "0.000899000", + "frame.time_delta_displayed": "0.000899000", + "frame.time_relative": "23490.683286000", + "frame.number": "22880", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57857", + "udp.dstport": "53", + "udp.port": "57857", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f97e", + "udp.checksum.status": "2", + "udp.stream": "274" + }, + "dns": { + "dns.response_in": "22881", + "dns.id": "0x000004bd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.089060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.089060000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "23490.683856000", + "frame.number": "22881", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00008d01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002ba9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57857", + "udp.port": "53", + "udp.port": "57857", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "274" + }, + "dns": { + 
"dns.response_to": "22880", + "dns.time": "0.000570000", + "dns.id": "0x000004bd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:37:52.675652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481472.675652000", + "frame.time_delta": "1.044735000", + "frame.time_delta_displayed": "269.586592000", + "frame.time_relative": "23760.270448000", + "frame.number": "23158", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00009f5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000195e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41570", + "udp.dstport": "53", + "udp.port": "41570", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b697", + "udp.checksum.status": "2", + "udp.stream": "280" + }, + "dns": { + "dns.response_in": "23159", + "dns.id": "0x000004be", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:37:52.686467000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481472.686467000", + "frame.time_delta": "0.010815000", + "frame.time_delta_displayed": "0.010815000", + "frame.time_relative": "23760.281263000", + "frame.number": "23159", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000db55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dbb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41570", + "udp.port": "53", + "udp.port": "41570", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "280" + }, + "dns": { + "dns.response_to": "23158", + "dns.time": "0.010815000", + "dns.id": 
"0x000004be", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13158", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2701", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7242", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2015", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2080", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "487", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7043", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2623", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "4728", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1178", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:52:52.690665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508482372.690665000", + "frame.time_delta": "0.322371000", + "frame.time_delta_displayed": "900.004198000", + "frame.time_relative": "24660.285461000", + "frame.number": "23918", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00009671", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000224c", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "42853", + "udp.dstport": "53", + "udp.port": "42853", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b193", + "udp.checksum.status": "2", + "udp.stream": "284" + }, + "dns": { + "dns.response_in": "23919", + "dns.id": "0x000004bf", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:52:52.711241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508482372.711241000", + "frame.time_delta": "0.020576000", + "frame.time_delta_displayed": "0.020576000", + "frame.time_relative": "24660.306037000", + "frame.number": "23919", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00001d6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000999d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "42853", + "udp.port": "53", + "udp.port": "42853", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "284" + }, + "dns": { + "dns.response_to": "23918", + "dns.time": "0.020576000", + "dns.id": "0x000004bf", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": 
"1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10617", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type 
NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3509", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2217", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + 
"n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2720", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2912", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1812", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3561", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3369", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3423", + "dns.resp.len": "4", + "dns.a": "165.254.134.246" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3190", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:07:52.715432000 PDT", + "frame.offset_shift": "0.000000000", 
+ "frame.time_epoch": "1508483272.715432000", + "frame.time_delta": "0.798629000", + "frame.time_delta_displayed": "900.004191000", + "frame.time_relative": "25560.310228000", + "frame.number": "24682", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000a08f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000182e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53913", + "udp.dstport": "53", + "udp.port": "53913", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000865e", + "udp.checksum.status": "2", + "udp.stream": "288" + }, + "dns": { + "dns.response_in": "24683", + "dns.id": "0x000004c0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:07:52.722880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508483272.722880000", + "frame.time_delta": "0.007448000", + "frame.time_delta_displayed": "0.007448000", + "frame.time_relative": "25560.317676000", + "frame.number": "24683", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x000067fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53913", + "udp.port": "53", + "udp.port": "53913", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "288" + }, + "dns": { + "dns.response_to": "24682", + "dns.time": "0.007448000", + "dns.id": "0x000004c0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "11358", + "dns.resp.len": "22", + "dns.cname": 
"e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "901", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5442", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "215", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "280", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4688", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "5243", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "823", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2928", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:12:04.696340000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508483524.696340000", + "frame.time_delta": "0.145443000", + "frame.time_delta_displayed": "251.973460000", + "frame.time_relative": "25812.291136000", + "frame.number": "24953", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000a209", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000016ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49770", + "udp.dstport": "53", + "udp.port": "49770", + "udp.port": "53", + "udp.length": "49", + "udp.checksum": "0x0000cac1", + "udp.checksum.status": "2", + "udp.stream": "293" + }, + "dns": { + "dns.response_in": "24954", + "dns.id": "0x00000043", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:12:04.767719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508483524.767719000", + "frame.time_delta": "0.071379000", + "frame.time_delta_displayed": "0.071379000", + "frame.time_relative": "25812.362515000", + "frame.number": "24954", + "frame.len": "297", + "frame.cap_len": "297", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + 
"frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "283", + "ip.id": "0x00008814", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002fcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49770", + "udp.port": "53", + "udp.port": "49770", + "udp.length": "263", + "udp.checksum": "0x0000830a", + "udp.checksum.status": "2", + "udp.stream": "293" + }, + "dns": { + "dns.response_to": "24953", + "dns.time": "0.071379000", + "dns.id": "0x00000043", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + 
"dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { + "dns.resp.name": "diagnostics.meethue.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "4", + "dns.a": "130.211.67.12" + } + }, + "Authoritative nameservers": { + "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1704", + "dns.resp.len": "18", + "dns.ns": "ns3.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1704", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1704", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "131086", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "155804", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "155804", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "134705", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127278", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127278", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:22:52.727669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484172.727669000", + "frame.time_delta": "3.871548000", + "frame.time_delta_displayed": "647.959950000", + "frame.time_relative": "26460.322465000", + "frame.number": "25506", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000042c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000075f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55301", + "udp.dstport": "53", + "udp.port": "55301", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000080f1", + "udp.checksum.status": "2", + "udp.stream": "295" + }, + "dns": { + "dns.response_in": "25507", + "dns.id": "0x000004c1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:22:52.765073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484172.765073000", + 
"frame.time_delta": "0.037404000", + "frame.time_delta_displayed": "0.037404000", + "frame.time_relative": "26460.359869000", + "frame.number": "25507", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00000318", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b3f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55301", + "udp.port": "53", + "udp.port": "55301", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "295" + }, + "dns": { + "dns.response_to": "25506", + "dns.time": "0.037404000", + "dns.id": "0x000004c1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + 
"dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8817", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": 
"n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": 
"n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1709", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "417", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "920", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1112", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "12", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1761", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1569", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1623", + "dns.resp.len": "4", + "dns.a": 
"165.254.134.246" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1390", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.301033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.301033000", + "frame.time_delta": "0.159453000", + "frame.time_delta_displayed": "630.535960000", + "frame.time_relative": "27090.895829000", + "frame.number": "26095", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aa78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60609", + "udp.dstport": "53", + "udp.port": "60609", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000d3b9", + "udp.checksum.status": "2", + "udp.stream": "299" + }, + "dns": { + "dns.response_in": "26096", + "dns.id": "0x000004c2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.303089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.303089000", + "frame.time_delta": "0.002056000", + "frame.time_delta_displayed": "0.002056000", + "frame.time_relative": "27090.897885000", + "frame.number": "26096", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000a9d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000eae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60609", + "udp.port": "53", + "udp.port": "60609", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "299" + }, + "dns": { + "dns.response_to": "26095", + "dns.time": "0.002056000", + "dns.id": "0x000004c2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + 
"cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.303940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.303940000", + "frame.time_delta": "0.000851000", + "frame.time_delta_displayed": "0.000851000", + "frame.time_relative": "27090.898736000", + "frame.number": "26097", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aa79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45112", + "udp.dstport": "53", + "udp.port": "45112", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002b42", + "udp.checksum.status": "2", + "udp.stream": "300" + }, + "dns": { + "dns.response_in": "26098", + "dns.id": "0x000004c3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.305709000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.305709000", + "frame.time_delta": "0.001769000", + "frame.time_delta_displayed": "0.001769000", + "frame.time_relative": "27090.900505000", + "frame.number": "26098", + "frame.len": "269", + "frame.cap_len": "269", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "255", + "ip.id": "0x0000a9d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45112", + "udp.port": "53", + "udp.port": "45112", + "udp.length": "235", + "udp.checksum": "0x000082ee", + "udp.checksum.status": "2", + "udp.stream": "300" + }, + "dns": { + "dns.response_to": "26097", + "dns.time": "0.001769000", + "dns.id": "0x000004c3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "5", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + 
"dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "149973", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "149973", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "168228", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, 
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "39950", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "39950", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.726935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.726935000", + "frame.time_delta": "0.001538000", + "frame.time_delta_displayed": "0.421226000", + "frame.time_relative": "27091.321731000", + "frame.number": "26114", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aaa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", 
+ "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47836", + "udp.dstport": "53", + "udp.port": "47836", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000059d", + "udp.checksum.status": "2", + "udp.stream": "301" + }, + "dns": { + "dns.response_in": "26115", + "dns.id": "0x000004c4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.727513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.727513000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "27091.322309000", + "frame.number": "26115", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": 
"udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000a9f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ec9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47836", + "udp.port": "53", + "udp.port": "47836", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "301" + }, + "dns": { + "dns.response_to": "26114", + "dns.time": "0.000578000", + "dns.id": "0x000004c4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.728355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.728355000", + "frame.time_delta": "0.000842000", + "frame.time_delta_displayed": "0.000842000", + "frame.time_relative": "27091.323151000", + "frame.number": "26116", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aaa2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", 
+ "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59436", + "udp.dstport": "53", + "udp.port": "59436", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f34b", + "udp.checksum.status": "2", + "udp.stream": "302" + }, + "dns": { + "dns.response_in": "26117", + "dns.id": "0x000004c5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.728777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.728777000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "27091.323573000", + "frame.number": "26117", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000a9f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000eb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59436", + "udp.port": "53", + "udp.port": "59436", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "302" + }, + "dns": { + "dns.response_to": "26116", + "dns.time": "0.000422000", + "dns.id": "0x000004c5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + 
"dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:37:52.772955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485072.772955000", + "frame.time_delta": "1.222355000", + "frame.time_delta_displayed": "269.044178000", + "frame.time_relative": "27360.367751000", + "frame.number": "26369", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ce92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + 
"ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45574", + "udp.dstport": "53", + "udp.port": "45574", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a6eb", + "udp.checksum.status": "2", + "udp.stream": "304" + }, + "dns": { + "dns.response_in": "26370", + "dns.id": "0x000004c6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:37:52.788820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485072.788820000", + "frame.time_delta": "0.015865000", + "frame.time_delta_displayed": "0.015865000", + "frame.time_relative": "27360.383616000", + "frame.number": "26370", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000cb7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45574", + "udp.port": "53", + "udp.port": "45574", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "304" + }, + "dns": { + "dns.response_to": "26369", + "dns.time": "0.015865000", + "dns.id": "0x000004c6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": 
"5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9558", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": 
"n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3102", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3642", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6416", + 
"dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2481", + "dns.resp.len": "4", + "dns.a": "96.17.70.176" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2888", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3443", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3024", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1128", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4574", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:52:52.797929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485972.797929000", + "frame.time_delta": "1.729711000", + "frame.time_delta_displayed": "900.009109000", + "frame.time_relative": "28260.392725000", + "frame.number": "27288", + 
"frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000fdad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bb0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57726", + "udp.dstport": "53", + "udp.port": "57726", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007772", + "udp.checksum.status": "2", + "udp.stream": "311" + }, + "dns": { + "dns.response_in": "27289", + "dns.id": "0x000004c7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:52:52.808637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485972.808637000", + "frame.time_delta": "0.010708000", + "frame.time_delta_displayed": "0.010708000", + "frame.time_relative": "28260.403433000", + "frame.number": "27289", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000efa6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c761", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": 
"192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57726", + "udp.port": "53", + "udp.port": "57726", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "311" + }, + "dns": { + "dns.response_to": "27288", + "dns.time": "0.010708000", + "dns.id": "0x000004c7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8658", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", 
+ "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2202", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2742", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5516", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1581", + "dns.resp.len": "4", + "dns.a": "96.17.70.176" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1988", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "2543", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2124", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "228", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3674", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:07:52.814329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508486872.814329000", + "frame.time_delta": "5.472047000", + "frame.time_delta_displayed": "900.005692000", + "frame.time_relative": "29160.409125000", + "frame.number": "28061", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000614d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005770", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39493", + "udp.dstport": "53", + "udp.port": "39493", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000beaa", + "udp.checksum.status": "2", + "udp.stream": "315" + }, + "dns": { + "dns.response_in": "28062", + "dns.id": "0x000004c8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:07:52.835978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508486872.835978000", + "frame.time_delta": "0.021649000", + "frame.time_delta_displayed": "0.021649000", + 
"frame.time_relative": "29160.430774000", + "frame.number": "28062", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00000e9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a86d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39493", + "udp.port": "53", + "udp.port": "39493", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "315" + }, + "dns": { + "dns.response_to": "28061", + "dns.time": "0.021649000", + "dns.id": "0x000004c8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", 
+ "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6117", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 
88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3011", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5718", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6226", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.207": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2421", + "dns.resp.len": "4", + "dns.a": "23.67.56.207" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3318", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7067", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n6b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2874", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4925", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": 
"a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4702", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:22:52.843589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508487772.843589000", + "frame.time_delta": "0.601966000", + "frame.time_delta_displayed": "900.007611000", + "frame.time_relative": "30060.438385000", + "frame.number": "28868", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00008683", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000323a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": 
"192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60232", + "udp.dstport": "53", + "udp.port": "60232", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00006da6", + "udp.checksum.status": "2", + "udp.stream": "322" + }, + "dns": { + "dns.response_in": "28869", + "dns.id": "0x000004c9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:22:52.850618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508487772.850618000", + "frame.time_delta": "0.007029000", + "frame.time_delta_displayed": "0.007029000", + "frame.time_relative": "30060.445414000", + "frame.number": "28869", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x000032d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008460", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60232", + "udp.port": "53", + "udp.port": "60232", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "322" + }, + "dns": { + "dns.response_to": "28868", + "dns.time": "0.007029000", + "dns.id": "0x000004c9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": 
"5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6858", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + 
}, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "402", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "942", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3716", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3782", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + 
}, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "188", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "743", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "324", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4429", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.755985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488401.755985000", + "frame.time_delta": "1.940613000", + "frame.time_delta_displayed": "628.905367000", + "frame.time_relative": "30689.350781000", + "frame.number": "29396", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009aad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001e0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43519", + "udp.dstport": "53", + "udp.port": "43519", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001674", + "udp.checksum.status": "2", + "udp.stream": "327" + }, + "dns": { + "dns.response_in": "29397", + "dns.id": "0x000004ca", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.757930000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1508488401.757930000", + "frame.time_delta": "0.001945000", + "frame.time_delta_displayed": "0.001945000", + "frame.time_relative": "30689.352726000", + "frame.number": "29397", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000a15f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001721", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43519", + "udp.port": "53", + "udp.port": "43519", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "327" + }, + "dns": { + "dns.response_to": "29396", + "dns.time": "0.001945000", + "dns.id": "0x000004ca", + "dns.flags": "0x00008180", + 
"dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3221", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.758751000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488401.758751000", + "frame.time_delta": "0.000821000", + "frame.time_delta_displayed": "0.000821000", + "frame.time_relative": "30689.353547000", + "frame.number": "29398", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009aae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001e0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34772", + "udp.dstport": "53", + "udp.port": "34772", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000539e", + "udp.checksum.status": "2", + "udp.stream": "328" + }, + "dns": { + "dns.response_in": "29399", + "dns.id": "0x000004cb", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.760366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488401.760366000", + "frame.time_delta": "0.001615000", + "frame.time_delta_displayed": "0.001615000", + "frame.time_relative": "30689.355162000", + "frame.number": "29399", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x0000a160", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000168c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "34772", + "udp.port": "53", + "udp.port": "34772", + "udp.length": "251", + "udp.checksum": 
"0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "328" + }, + "dns": { + "dns.response_to": "29398", + "dns.time": "0.001615000", + "dns.id": "0x000004cb", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3221", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1322", + "dns.resp.len": "10", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1322", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1322", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + 
"dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "442", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "146375", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "146375", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "164630", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "36352", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "36352", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.179535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.179535000", + "frame.time_delta": "0.001270000", + "frame.time_delta_displayed": "0.419169000", + "frame.time_relative": "30689.774331000", + "frame.number": "29415", + "frame.len": 
"79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009ac2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001df8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "32927", + "udp.dstport": "53", + "udp.port": "32927", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003fd2", + "udp.checksum.status": "2", + "udp.stream": "329" + }, + "dns": { + "dns.response_in": "29416", + "dns.id": "0x000004cc", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.180074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.180074000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "30689.774870000", + "frame.number": "29416", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000a17c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000173e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "32927", + "udp.port": "53", + "udp.port": "32927", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "329" + }, + "dns": { + "dns.response_to": "29415", + "dns.time": "0.000539000", + "dns.id": "0x000004cc", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.181272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.181272000", + "frame.time_delta": "0.001198000", + "frame.time_delta_displayed": "0.001198000", + "frame.time_relative": "30689.776068000", + "frame.number": "29417", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009ac3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001df7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50502", + "udp.dstport": "53", + "udp.port": "50502", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000162a", + "udp.checksum.status": "2", + "udp.stream": "330" + }, + "dns": { + "dns.response_in": "29418", + "dns.id": "0x000004cd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.181706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.181706000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "30689.776502000", + "frame.number": "29418", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000a17d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000172d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "50502", + "udp.port": "53", + "udp.port": "50502", + "udp.length": "61", + "udp.checksum": 
"0x00008240", + "udp.checksum.status": "2", + "udp.stream": "330" + }, + "dns": { + "dns.response_to": "29417", + "dns.time": "0.000434000", + "dns.id": "0x000004cd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:37:52.855829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488672.855829000", + "frame.time_delta": "3.621068000", + "frame.time_delta_displayed": "270.674123000", + "frame.time_relative": "30960.450625000", + "frame.number": "29698", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000af13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000009aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51191", + "udp.dstport": "53", + "udp.port": "51191", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000090f2", + "udp.checksum.status": "2", + "udp.stream": "331" + }, + "dns": { + "dns.response_in": "29699", + "dns.id": "0x000004ce", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:37:52.862182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488672.862182000", + "frame.time_delta": "0.006353000", + "frame.time_delta_displayed": "0.006353000", + "frame.time_relative": "30960.456978000", + "frame.number": "29699", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000ff8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b77c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51191", + "udp.port": "53", + "udp.port": "51191", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "331" + }, + "dns": { + 
"dns.response_to": "29698", + "dns.time": "0.006353000", + "dns.id": "0x000004ce", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5958", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3503", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "42", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2816", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2882", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5291", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7844", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3426", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": 
"n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3529", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:52:52.869701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508489572.869701000", + "frame.time_delta": "1.064777000", + "frame.time_delta_displayed": "900.007519000", + "frame.time_relative": "31860.464497000", + "frame.number": "30491", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000c558", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000f364", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43504", + "udp.dstport": "53", + "udp.port": "43504", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000aef8", + "udp.checksum.status": "2", + "udp.stream": "337" + }, + "dns": { + "dns.response_in": "30492", + "dns.id": "0x000004cf", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:52:52.875803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508489572.875803000", + "frame.time_delta": "0.006102000", + "frame.time_delta_displayed": "0.006102000", + "frame.time_relative": "31860.470599000", + "frame.number": "30492", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004e2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000068dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43504", + "udp.port": "53", + "udp.port": "43504", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "337" + }, + "dns": { + "dns.response_to": "30491", + "dns.time": "0.006102000", + "dns.id": "0x000004cf", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + 
"dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5058", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": 
"n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2603", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7144", + 
"dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1916", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1982", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4391", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6944", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2526", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2629", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "74", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:07:52.881831000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508490472.881831000", + "frame.time_delta": "1.602333000", + "frame.time_delta_displayed": "900.006028000", + "frame.time_relative": "32760.476627000", + "frame.number": "31269", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ce88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "38554", + "udp.dstport": "53", + "udp.port": "38554", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c24d", + "udp.checksum.status": "2", + "udp.stream": "343" + }, + "dns": { + "dns.response_in": "31270", + "dns.id": "0x000004d0", + "dns.flags": 
"0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:07:52.891762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508490472.891762000", + "frame.time_delta": "0.009931000", + "frame.time_delta_displayed": "0.009931000", + "frame.time_relative": "32760.486558000", + "frame.number": "31270", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00000e5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a8ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "38554", + "udp.port": "53", + "udp.port": "38554", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "343" + }, + "dns": { + "dns.response_to": "31269", + "dns.time": "0.009931000", + "dns.id": "0x000004d0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"4158", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1703", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6244", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1016", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1082", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": 
"1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3491", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6044", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1626", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1729", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5177", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:22:52.901114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508491372.901114000", + "frame.time_delta": "1.849865000", + "frame.time_delta_displayed": "900.009352000", + "frame.time_relative": "33660.495910000", + "frame.number": "32056", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00004594", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007329", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33202", + "udp.dstport": "53", + "udp.port": "33202", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d734", + "udp.checksum.status": "2", + "udp.stream": "348" + }, + "dns": { + "dns.response_in": "32057", + "dns.id": "0x000004d1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:22:52.972380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508491372.972380000", + "frame.time_delta": "0.071266000", + "frame.time_delta_displayed": "0.071266000", + "frame.time_relative": "33660.567176000", + "frame.number": "32057", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00002997", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33202", + "udp.port": "53", + "udp.port": "33202", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "348" + }, + 
"dns": { + "dns.response_to": "32056", + "dns.time": "0.071266000", + "dns.id": "0x000004d1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "120", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1617", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns 
n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns 
a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2514", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1218", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1726", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1922", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.151": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4820", + "dns.resp.len": "4", + "dns.a": "204.2.166.151" + }, + "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2567", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.151": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2380", + "dns.resp.len": "4", + "dns.a": "204.2.166.151" + }, + "n7b.akamaiedge.net: type A, class IN, addr 
204.2.166.155": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "425", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "202", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.349285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.349285000", + "frame.time_delta": "0.837648000", + "frame.time_delta_displayed": "629.376905000", + "frame.time_relative": "34289.944081000", + "frame.number": "32626", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000f99e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"17", + "ip.checksum": "0x0000bf1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52881", + "udp.dstport": "53", + "udp.port": "52881", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f1d9", + "udp.checksum.status": "2", + "udp.stream": "352" + }, + "dns": { + "dns.response_in": "32627", + "dns.id": "0x000004d2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.351230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.351230000", + "frame.time_delta": "0.001945000", + "frame.time_delta_displayed": "0.001945000", + "frame.time_relative": "34289.946026000", + "frame.number": "32627", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000ba2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "52881", + "udp.port": "53", + "udp.port": "52881", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "352" + }, + "dns": { + "dns.response_to": "32626", + "dns.time": "0.001945000", + "dns.id": "0x000004d2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": 
"dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.352051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.352051000", + "frame.time_delta": "0.000821000", + "frame.time_delta_displayed": "0.000821000", + "frame.time_relative": "34289.946847000", + "frame.number": "32628", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", 
+ "ip.id": "0x0000f99f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bf1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43337", + "udp.dstport": "53", + "udp.port": "43337", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003221", + "udp.checksum.status": "2", + "udp.stream": "353" + }, + "dns": { + "dns.response_in": "32629", + "dns.id": "0x000004d3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.392543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.392543000", + "frame.time_delta": "0.040492000", + "frame.time_delta_displayed": "0.040492000", + "frame.time_relative": "34289.987339000", + "frame.number": "32629", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x0000ba30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fdbb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43337", + "udp.port": "53", + "udp.port": "43337", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "353" + }, + "dns": { + "dns.response_to": "32628", + "dns.time": "0.040492000", + "dns.id": "0x000004d3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1411", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1411", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1411", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171851", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142774", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142774", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "161029", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "32751", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "32751", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.810223000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.810223000", + "frame.time_delta": "0.001028000", + "frame.time_delta_displayed": "0.417680000", + "frame.time_relative": "34290.405019000", + "frame.number": "32645", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000f9af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bf0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54367", + "udp.dstport": "53", + "udp.port": "54367", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ec09", + "udp.checksum.status": "2", + "udp.stream": "354" + }, + "dns": { + "dns.response_in": "32646", + "dns.id": "0x000004d4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.810817000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508492002.810817000", + "frame.time_delta": "0.000594000", + "frame.time_delta_displayed": "0.000594000", + "frame.time_relative": "34290.405613000", + "frame.number": "32646", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ba35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54367", + "udp.port": "53", + "udp.port": "54367", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "354" + }, + "dns": { + "dns.response_to": "32645", + "dns.time": "0.000594000", + "dns.id": "0x000004d4", + "dns.flags": 
"0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.811626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.811626000", + "frame.time_delta": "0.000809000", + "frame.time_delta_displayed": "0.000809000", + "frame.time_relative": "34290.406422000", + "frame.number": "32647", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"65", + "ip.id": "0x0000f9b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bf09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39432", + "udp.dstport": "53", + "udp.port": "39432", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00004160", + "udp.checksum.status": "2", + "udp.stream": "355" + }, + "dns": { + "dns.response_in": "32648", + "dns.id": "0x000004d5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.812191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.812191000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "34290.406987000", + "frame.number": "32648", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000ba36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39432", + "udp.port": "53", + "udp.port": "39432", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "355" + }, + "dns": { + "dns.response_to": "32647", + "dns.time": "0.000565000", + "dns.id": "0x000004d5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:37:53.011030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492273.011030000", + "frame.time_delta": "0.622307000", + "frame.time_delta_displayed": "270.198839000", + "frame.time_relative": "34560.605826000", + "frame.number": "32884", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000400c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000078b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44772", + "udp.dstport": "53", + "udp.port": "44772", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a9fd", + "udp.checksum.status": "2", + "udp.stream": "356" + }, + "dns": { + "dns.response_in": "32885", + "dns.id": "0x000004d6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:37:53.016866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492273.016866000", + "frame.time_delta": "0.005836000", + "frame.time_delta_displayed": "0.005836000", + "frame.time_relative": "34560.611662000", + "frame.number": "32885", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + 
"frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000c41b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f2ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44772", + "udp.port": "53", + "udp.port": "44772", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "356" + }, + "dns": { + "dns.response_to": "32884", + "dns.time": "0.005836000", + "dns.id": "0x000004d6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + 
"dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2357", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns 
n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3904", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: 
type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4443", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7217", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3284", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1690", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4243", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3827", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5929", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3376", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": 
"packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:52:53.027071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508493173.027071000", + "frame.time_delta": "3.719993000", + "frame.time_delta_displayed": "900.010205000", + "frame.time_relative": "35460.621867000", + "frame.number": "33758", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000044d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000073ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54661", + "udp.dstport": "53", + "udp.port": "54661", + "udp.port": "53", + "udp.length": 
"42", + "udp.checksum": "0x0000835b", + "udp.checksum.status": "2", + "udp.stream": "360" + }, + "dns": { + "dns.response_in": "33759", + "dns.id": "0x000004d7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:52:53.101742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508493173.101742000", + "frame.time_delta": "0.074671000", + "frame.time_delta_displayed": "0.074671000", + "frame.time_relative": "35460.696538000", + "frame.number": "33759", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000f93b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bdcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54661", + "udp.port": "53", + "udp.port": "54661", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "360" + }, + "dns": { + "dns.response_to": "33758", + "dns.time": "0.074671000", + "dns.id": "0x000004d7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, 
cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1457", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": 
"6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3004", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3543", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6317", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2384", + 
"dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3343", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2927", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5029", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2476", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:07:53.107570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494073.107570000", + "frame.time_delta": "7.786097000", + "frame.time_delta_displayed": "900.005828000", + "frame.time_relative": "36360.702366000", + "frame.number": "34517", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000f210", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49914", + "udp.dstport": "53", + "udp.port": "49914", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000095e5", + "udp.checksum.status": "2", + "udp.stream": "368" + }, + "dns": { + "dns.response_in": "34518", + "dns.id": "0x000004d8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": 
"1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:07:53.114086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494073.114086000", + "frame.time_delta": "0.006516000", + "frame.time_delta_displayed": "0.006516000", + "frame.time_relative": "36360.708882000", + "frame.number": "34518", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000cccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + 
"udp.dstport": "49914", + "udp.port": "53", + "udp.port": "49914", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "368" + }, + "dns": { + "dns.response_to": "34517", + "dns.time": "0.006516000", + "dns.id": "0x000004d8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "557", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2104", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2643", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5417", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1484", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5891", + "dns.resp.len": "4", + "dns.a": "209.18.46.225" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2443", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2027", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4129", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1576", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:22:53.123990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494973.123990000", + "frame.time_delta": "1.660357000", + "frame.time_delta_displayed": "900.009904000", + "frame.time_relative": "37260.718786000", + "frame.number": "35283", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": 
"0x000001f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b6c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44922", + "udp.dstport": "53", + "udp.port": "44922", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a964", + "udp.checksum.status": "2", + "udp.stream": "372" + }, + "dns": { + "dns.response_in": "35284", + "dns.id": "0x000004d9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:22:53.134103000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494973.134103000", + "frame.time_delta": "0.010113000", + "frame.time_delta_displayed": "0.010113000", + "frame.time_relative": "37260.728899000", + "frame.number": "35284", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000006d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b033", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44922", + "udp.port": "53", + "udp.port": "44922", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "372" + }, + "dns": { + "dns.response_to": "35283", + "dns.time": "0.010113000", + "dns.id": "0x000004d9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21444", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1204", + "dns.resp.len": "4", + 
"dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1743", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4517", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "584", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4991", + "dns.resp.len": "4", + "dns.a": "209.18.46.225" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1543", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1127", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3229", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "676", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + 
} + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.916241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.916241000", + "frame.time_delta": "3.559096000", + "frame.time_delta_displayed": "629.782138000", + "frame.time_relative": "37890.511037000", + "frame.number": "35811", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007ba1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003d19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49663", + "udp.dstport": "53", + "udp.port": "49663", + 
"udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000fe63", + "udp.checksum.status": "2", + "udp.stream": "376" + }, + "dns": { + "dns.response_in": "35812", + "dns.id": "0x000004da", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.918183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.918183000", + "frame.time_delta": "0.001942000", + "frame.time_delta_displayed": "0.001942000", + "frame.time_relative": "37890.512979000", + "frame.number": "35812", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000d276", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e609", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49663", + "udp.port": "53", + "udp.port": "49663", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "376" + }, + "dns": { + "dns.response_to": "35811", + "dns.time": "0.001942000", + "dns.id": "0x000004da", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1787", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": 
"ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.920557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.920557000", + "frame.time_delta": "0.002374000", + "frame.time_delta_displayed": "0.002374000", + "frame.time_relative": "37890.515353000", + "frame.number": "35813", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007ba2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003d18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33688", + "udp.dstport": "53", + "udp.port": "33688", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000057ca", + "udp.checksum.status": "2", + "udp.stream": "377" + }, + "dns": { + "dns.response_in": "35814", + "dns.id": "0x000004db", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.922284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.922284000", + "frame.time_delta": "0.001727000", + "frame.time_delta_displayed": "0.001727000", + "frame.time_relative": "37890.517080000", + "frame.number": "35814", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x0000d277", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e574", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33688", + "udp.port": "53", + "udp.port": "33688", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "377" + }, + "dns": { + "dns.response_to": "35813", + "dns.time": "0.001727000", + "dns.id": "0x000004db", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": 
"dcp.cpp.philips.com", +